• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

What happens if I start an SSTP connection on my DirectAccess client?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Forefront Unified Access Gateway 2010] >> DirectAccess >> What happens if I start an SSTP connection on my DirectAccess client? Page: [1]
Login
Message << Older Topic   Newer Topic >>
What happens if I start an SSTP connection on my Direct... - 7.May2010 1:37:20 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
When your DirectAccess client is somewhere outside the corporate network, it will always be connnected to your corporate network. However, there may be some resources that the DA client won't be able to connect to. Examples of such resources or those that require a client application that doesn't support IPv6, or when the DA client computer needs to connect to a server resource that doesn't support IPv6. Another example is when the application protocol embeds IPv4 addresses or other information that the NAT64 component can't access.

When this happens you can start an SSTP connection to the UAG DA server and work over IPv4 only. That will allow you to connect using only IPv4 and work with these legacy client and server applciations. However, after you connect the SSTP link, the DirectAccess IPsec tunnels will drop, since the client will be able to connect to the Network Location Server. You won't notice any problem, since you'll have complete connectivity over IP4. When you disconnect the SSTP connection, the IPsec tunnels will come up again and the computer will act as a DiretAccess client again.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Post #: 1
RE: What happens if I start an SSTP connection on my Di... - 7.May2010 6:49:15 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
...and it works like a dream

We also use fallback to SSTP (via UAG Remote Network Access application) when the DA client is in a location that is not DA friendly (auth outbound proxy) or some other DA problem.

Cheers

JJ



_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to tshinder)
Post #: 2
RE: What happens if I start an SSTP connection on my Di... - 7.May2010 6:50:09 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
You ever get the impression it's just you and me Tom???

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to Jason Jones)
Post #: 3
RE: What happens if I start an SSTP connection on my Di... - 8.May2010 10:50:30 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Yes, also useful for the authenticating web proxy problem :)

There's got to be some other people who are interested in DirectAccess! It's always a hot topic at TechEd and other conferences. Is it so easy that no one has any problems with it and so they don't have any questions?



Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to Jason Jones)
Post #: 4
RE: What happens if I start an SSTP connection on my Di... - 8.May2010 9:01:08 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Maybe UAG and your lab guide have made it too easy ;)

Seriously though, I think ISAserver.org may not be the most logical place to look for UAG/DA help...

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to tshinder)
Post #: 5
RE: What happens if I start an SSTP connection on my Di... - 10.May2010 8:57:33 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
I think over time ISAserver.org will be transitioning away from ISA and TMG and toward UAG, or provide a greater mix of TMG and UAG content.

Oh well, I'll continue with "firm, constant, pressure" and hope that when a critical mass is accumulated, isaserver.org will be in the right place to provide people the information they need to supplement what's available over on ms.com.

I think the TechNet wiki is going to be a great place too. The only limitation, and it's a significant one, is that it really doesn't fully support graphics, unless you want to save each one to a file, then manually insert it into the wiki article. Not very elegant and wastes too much time to put pictures in, so isaserver.org will be able to fill in that gap.

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to Jason Jones)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Forefront Unified Access Gateway 2010] >> DirectAccess >> What happens if I start an SSTP connection on my DirectAccess client? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts