Just as for application publishing, a DA server has to have at least two network interfaces. One will face the Internet and the other your internal network or DMZ. As we said in Chapter 1, UAG has TMG to act as its very own firewall, but if you want additional protection, you can place UAG behind another firewall, and you can also place a firewall behind UAG, between it and the corporate network. As always, make sure that the firewalls are configured to route traffic properly and have the appropriate ports open.
On the Internet side, there's an additional requirement. The external interface needs to have two IPv4 addresses, and they have to be consecutive. There are two reasons for this. One is that each of the two DA IPsec tunnels needs to bind to a dedicated IP, so you need two. The second reason is Teredo: it needs to detect the type of NAT used on the client side, because it cannot work with all types...