I hear a lot of people ask why you need two public IP addresses to support DirectAccess.
The reason is Teredo: to determine what type of NAT device the DA client is behind, Teredo needs two public addresses on the Teredo server. Note that this is not required for the 6to4 and IP-HTTPS DA clients.
Teredo is the most common DA client configuration, with IP-HTTPS being far behind as the second most common configuration. In addition, IP-HTTPS doesn't perform nearly as well as Teredo, so you want to make sure you support Teredo as often as you can.
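To make the two-address requirement concrete, here is an added example (not code from DirectAccess or from this post) that models, in simplified form, the NAT qualification steps described in RFC 4380. The `Nat` class, the function names and the two documentation-range server addresses are constructed for illustration.

```python
# Simplified model of Teredo NAT qualification (after RFC 4380); illustration only.
PRIMARY, SECONDARY = "203.0.113.10", "203.0.113.11"  # constructed server addresses

class Nat:
    """Toy NAT: kind is 'cone', 'restricted' or 'symmetric'."""
    def __init__(self, kind):
        self.kind = kind
        self.mappings = {}      # destination key -> external port
        self.contacted = set()  # destinations the client has sent to
        self.next_port = 40000

    def outbound(self, dst):
        """Client sends to dst; return the external port the NAT assigns."""
        # A symmetric NAT allocates a new mapping per destination.
        key = dst if self.kind == "symmetric" else "*"
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.next_port += 1
        self.contacted.add(dst)
        return self.mappings[key]

    def inbound_allowed(self, src, port):
        """Would a packet from src to the external port reach the client?"""
        if self.kind == "cone":
            return port in self.mappings.values()
        if self.kind == "restricted":
            return src in self.contacted and port in self.mappings.values()
        return self.mappings.get(src) == port

def classify(nat):
    """Qualification against a server that owns two public addresses."""
    # Step 1: solicit PRIMARY asking for the reply to come from SECONDARY.
    # Only a cone NAT lets a reply in from an address the client never contacted.
    port = nat.outbound(PRIMARY)
    if nat.inbound_allowed(SECONDARY, port):
        return "cone"
    # Step 2: solicit each address in turn; each reply reports the mapped port
    # the server saw. Differing ports mean a per-destination (symmetric) mapping.
    port_a = nat.outbound(PRIMARY)
    port_b = nat.outbound(SECONDARY)
    return "restricted" if port_a == port_b else "symmetric"

def observe_one_address(nat):
    """Everything a client can learn if the server had only PRIMARY."""
    port = nat.outbound(PRIMARY)
    return (nat.inbound_allowed(PRIMARY, port), port)

if __name__ == "__main__":
    for kind in ("cone", "restricted", "symmetric"):
        print(kind, "->", classify(Nat(kind)), "| one address:", observe_one_address(Nat(kind)))
```

With a single server address, all three NAT kinds produce the same observation, which is why the second address is needed.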
From: Southern California
Oh yes, I get that the second IP address is to determine what type of NAT the system is behind (I was at that meeting!) but I was always confused as to why it had to be consecutive. I don't expect this to be a problem for most organizations, although it might be for some. I'd think that if you, as the administrator, could specify which two IP addresses you wanted to use that would suffice.