Why You Need an External ISATAP Router to Support Multi-Site UAG Deployments

imageTom was talking to me about a project he was doing for Microsoft where he is creating a Test Lab Guide to support multi-site deployment of UAG DirectAccess. As you might know, the default configuration of DirectAccess is designed to support a single DirectAccess entry point. While the UAG DirectAccess solution supports arrays of up to 8 UAG DirectAccess servers, all the servers in the array must be at the same site. If that site goes down, then all of your DirectAccess users are out of luck.

You can use the design that Ben Bernstein came up with and that describes in his article to deploy a multi-site configuration that enables you to have more than one DirectAccess entry point. However, to do that, you need to move the ISATAP router role off of the UAG servers in the UAG DirectAccess array.

Of course, my thought was “why do you need to do that?” and apparently I was the only one. Of course, when I asked him he said something like “it won’t work if you don’t do it that way” in a fashion typical of husbands Smile. However, somebody else asked him the same question on his “Edge Man” blog and he decided to provide the answer. Better late than never.

I found the description very interesting and much of has to do with IPv6 and IPv6 transition technologies. Check out Tom’s Edge Man article for all the details at:




MVP (Enterprise Security)
[email protected]

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top