You may encounter a scenario in which the ability to manage out fails for DirectAccess clients using Forefront UAG 2010. You may also receive the following error:
4984 “An IPsec extended mode negotiation failed”
This can happen when custom security policies are applied to the DirectAccess client, specifically altering the settings for “Access this computer from the network“.
For more information regarding this error and how to resolve it, please refer to Microsoft Knowledge Base article 2663354.