• Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Several DirectAccess questions

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Forefront Unified Access Gateway 2010] >> DirectAccess >> Several DirectAccess questions Page: [1]
Message << Older Topic   Newer Topic >>
Several DirectAccess questions - 2.Jan.2011 4:01:30 AM   


Posts: 4
Joined: 2.Jan.2011
Status: offline
I sent Tom an email several days ago after reading some articles on "The Edge Man" blog, but then I found these forums so I'll post my questions here too.

Question/issue 1:
Iím in the process of putting together a DirectAccess solution for a small client of mine that needs the features of DirectAccess but canít lay down the cash for multiple physical servers or UAG.  They donít need the additional complexities of access to IPv4 only resources as this is basically going to be a new network starting from scratch.  I know this may not be ideal from a performance perspective because of the many shared roles and limited scalability, but this is not going to be a network with many users; rather it will be a network of a dozen or so kiosks that will always be remotely connected.  Iím starting to experiment some but havenít found many resources for the absolute simplest implementation of DirectAccess.

I will certainly be going through the test lab documentation and other papers from Microsoft regarding the set up, but I thought Iíd ask just in case anyone knows of some resources I haven't found yet (or just has some good tidbits of info themselves).

My concept is this:
1)    A single physical server running Win2008 R2 as the domain controller (also DNS server, DHCP server, CA, NL server, File Server)
2)    A virtual server within that physical server running Win2008 R2 as the DirectAccess server
3)    The server will have the appropriate dedicated physical NICs (one internal facing for the domain controller, one internal facing for the DirectAccess server, one external facing for the DirectAccess server)
4)    A firewall appliance will sit in between the external NIC of the DirectAccess server and the internet connection to provide basic protection (not NAT, just firewall)
5)    The remote kiosk clients will, of course, be running Win7 Enterprise

What Iíd ultimately really love is a "test lab" document similar to the one  already out there from Microsoft but designed to interface with the real internet instead of a fake internet.  The document makes several references to "problems" trying to adapt that test environment into a real world scenario, but it doesnít give a whole lot of information about what "problems" they are referring to.

Question 2:
What are the advantages/disadvantages of using a native IPv6 infrastructure (with a tunnel broker like Hurricane Electric) vs just using ISATAP?  Are there any compelling reasons to go ahead and go native (especially if the network is going to be new with no legacy devices)?

Question 3:
What are the security implications with opening up inbound IPv6 traffic into your network?  Since DirectAccess requires Protocol 41 traffic to be let through the firewall directly to the external NIC on the DirectAccess server, doesn't this open up some potential security issues without an IPv6 firewall in place?  Maybe I am missing something, but since Protocol 41 is encapsulating ALL IPv6 traffic in IPv4 packets isn't letting Protocol 41 traffic through essentially the same thing as having a computer directly connected to the IPv6 internet with no firewall at all?

Sorry for the lengthy post, but I'd love some feedback.
Post #: 1
RE: Several DirectAccess questions - 25.Jan.2011 9:36:48 AM   


Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
For everyone - you can find the answers in my blog over at:




Thomas W Shinder, M.D.

(in reply to dlong500)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Forefront Unified Access Gateway 2010] >> DirectAccess >> Several DirectAccess questions Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts