Another choice you have to make before going through the last piece is whether to use split tunneling or forced tunneling. Split tunneling is a situation where the client computer sends traffic that is destined for the organizational network through the tunnel, but other traffic, such as browsing to public sites on the internet goes directly to the internet through the ISP's routers. Most VPN deployments go with that, and before SP1, UAG did not offer an option to select this mode through the configuration console. With SP1, you can choose to configure Forced Tunneling, which forces all traffic to go through the DA tunnel. This would be considered a stricter option—one taken by organizations that are concerned that split tunneling may jeopardize the internal network. As always, opinions about that differ, and the ultimate decision is yours.
Three important things to keep in mind, though, are that if you route all the "home" traffic through DA, you may be severely limiting your...