
Welcome to ISAserver.org


What source IP address will network devices see for DA Clients?

What source IP address will network devices see for DA ... - 26.Apr.2010 12:14:09 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
What IP address will network devices see related to DA client connections?

The answer is "it depends".

If you're using NAT64/DNS64, then like with other NAT solutions, you'll see the source IP address to be the IP address of the internal interface of the UAG server.

For non-IPv4 communications, you'll see IPv6 addresses.
6to4 uses 2002::/16
Teredo uses 2001::/32 with the next 32 bits as the v4 address of the DA server.
IP-HTTPS would have a specified prefix that you can see when you do an ipconfig, or you can find that information in the DA configuration console in the UAG management console.

While I consider this interesting and potentially useful information, it does seem to carry on some legacy thinking about VPN clients and trying to equate them with DA clients. This is a mistaken way of thinking and isn't consistent with how you should think of DA clients. The right way to think of DA clients is that *they are no different than any other clients - including those clients that are currently connected to the corpnet*

As discussed in a security paper that we'll be releasing soon as DA client security - the DA client should be considered no more or less secure than any other hosts on or off your network. Since there are relatively few client systems that never leave the corpnet these days, the DA client security model represents the new de facto standard.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Post #: 1
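
An added example, not part of the original post: a small classifier that labels a source address from a firewall or server log according to the prefixes the post lists, and pulls out the IPv4 address embedded in 6to4 and Teredo addresses. The IP-HTTPS prefix and the UAG internal IPv4 address are constructed placeholders you would replace with your own values, and decoding the 6to4 embedded IPv4 (bits 16-47, per the standard 6to4 layout) goes beyond what the post states.

```python
import ipaddress
from collections import Counter

# Prefixes as written in the post.
SIX_TO_FOUR = ipaddress.ip_network("2002::/16")
TEREDO = ipaddress.ip_network("2001::/32")
# Assumptions: constructed placeholders, not values from the post.
IPHTTPS_PREFIX = ipaddress.ip_network("2001:db8:0:100::/64")  # read yours from ipconfig / UAG console
UAG_INTERNAL_IPV4 = ipaddress.ip_address("192.0.2.10")        # internal interface of the UAG server


def classify_da_source(addr, iphttps=IPHTTPS_PREFIX, uag_v4=UAG_INTERNAL_IPV4):
    """Return (label, embedded_ipv4_or_None) for a source address seen in a log."""
    ip = ipaddress.ip_address(addr.strip())
    if ip.version == 4:
        # With NAT64/DNS64, IPv4-only servers see the UAG internal interface.
        return ("nat64-via-uag" if ip == uag_v4 else "ipv4-other", None)
    # Site-specific prefix is checked first in case it overlaps a well-known one.
    if ip in iphttps:
        return ("ip-https", None)
    raw = int(ip)
    if ip in SIX_TO_FOUR:
        # Bits 16-47 hold an IPv4 address (the 6to4 site's public address).
        return ("6to4", str(ipaddress.IPv4Address((raw >> 80) & 0xFFFFFFFF)))
    if ip in TEREDO:
        # The 32 bits after the prefix hold the v4 address of the DA (Teredo) server.
        return ("teredo", str(ipaddress.IPv4Address((raw >> 64) & 0xFFFFFFFF)))
    return ("ipv6-other", None)


def summarize(addresses):
    """Count how many source addresses fall under each label."""
    return Counter(classify_da_source(a)[0] for a in addresses)


# Constructed sample source addresses (documentation ranges only).
SAMPLE = [
    "2002:c000:201:1::5",
    "2001:0:c633:6407:0:fbff:3f57:fdfe",
    "2001:db8:0:100::20",
    "192.0.2.10",
    "10.0.0.5",
]

if __name__ == "__main__":
    for a in SAMPLE:
        print(a, classify_da_source(a))
    print(dict(summarize(SAMPLE)))
```
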
