I hear a lot of people ask why you need two public IP addresses to support DirectAccess.
The reason for this is that in order for Teredo to determine what type of NAT device the DA client is behind, it needs two public addresses on the Teredo server. Note that this is not required for the 6to4 and IP-HTTPS DA clients.
Teredo is the most common DA client configuration, with IP-HTTPS being far behind as the second most common configuration. In addition, IP-HTTPS doesn't perform nearly as well as Teredo, so you want to make sure you support Teredo as often as you can.
Oh yes, I get that the second IP address is to determine what type of NAT the system is behind (I was at that meeting!) but I was always confused as to why it had to be consecutive. I don't expect this to be a problem for most organizations, although it might be for some. I'd think that if you, as the administrator, could specify which two IP addresses you wanted to use that would suffice.
That's a good point. While for some people using two consecutive addresses isn't a problem, I can see how it might be easier for a lot of people if they could just use any two addresses.
I'll see if I can find out why the Windows 7 team decided that the client should look for two consecutive addresses, instead of any two addresses.