When your DirectAccess client is somewhere outside the corporate network, it will always be connnected to your corporate network. However, there may be some resources that the DA client won't be able to connect to. Examples of such resources or those that require a client application that doesn't support IPv6, or when the DA client computer needs to connect to a server resource that doesn't support IPv6. Another example is when the application protocol embeds IPv4 addresses or other information that the NAT64 component can't access.
When this happens you can start an SSTP connection to the UAG DA server and work over IPv4 only. That will allow you to connect using only IPv4 and work with these legacy client and server applciations. However, after you connect the SSTP link, the DirectAccess IPsec tunnels will drop, since the client will be able to connect to the Network Location Server. You won't notice any problem, since you'll have complete connectivity over IP4. When you disconnect the SSTP connection, the IPsec tunnels will come up again and the computer will act as a DiretAccess client again.
Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
...and it works like a dream
We also use fallback to SSTP (via UAG Remote Network Access application) when the DA client is in a location that is not DA friendly (auth outbound proxy) or some other DA problem.
Yes, also useful for the authenticating web proxy problem :)
There's got to be some other people who are interested in DirectAccess! It's always a hot topic at TechEd and other conferences. Is it so easy that no one has any problems with it and so they don't have any questions?
I think over time ISAserver.org will be transitioning away from ISA and TMG and toward UAG, or provide a greater mix of TMG and UAG content.
Oh well, I'll continue with "firm, constant, pressure" and hope that when a critical mass is accumulated, isaserver.org will be in the right place to provide people the information they need to supplement what's available over on ms.com.
I think the TechNet wiki is going to be a great place too. The only limitation, and it's a significant one, is that it really doesn't fully support graphics, unless you want to save each one to a file, then manually insert it into the wiki article. Not very elegant and wastes too much time to put pictures in, so isaserver.org will be able to fill in that gap.
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Printable Version
All Forums >> [Forefront Unified Access Gateway 2010] >> DirectAccess >> What happens if I start an SSTP connection on my DirectAccess client? 
What happens if I start an SSTP connection on my Direct... - 
New Messages
No New Messages
Hot Topic w/ New Messages
Hot Topic w/o New Messages
Locked w/ New Messages
Locked w/o New Messages
Post New Thread