?
Solved

Direct Access 2012

Posted on 2014-03-26
5
Medium Priority
?
679 Views
Last Modified: 2014-04-08
Hi All,

I am new to DA and i would like to be able to set up direct access so when you connect you are assigned different address to what currently is distributed from the DHCP server.

for example our internal address is 192.168.14.xx and i would like direct access to give a 192.168.40.XX

how do i configure this.

Thanks.
0
Comment
Question by:Dan130
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 59

Expert Comment

by:Cliff Galiher
ID: 39958304
You don't. DirectAccess relies on IPv6, not IPv4.
0
 
LVL 64

Expert Comment

by:btan
ID: 39958759
This is a good place to start into the configuration and as expert mentioned, it is IPv6 only hence typically there is need for NAT64 and DNS64 to be in place which they are both supported inherently into 2012 server. Also the use of RRAS  in the past is separate for 2008 so as to provides traditional VPN connectivity for legacy clients and non-domain members.And now 2012 combines the DirectAccess feature and the RRAS role service into a new unified server role. I suggest you check out this test lab guide.

This guide provides step-by-step instructions for configuring DirectAccess using the Getting Started Wizard in a test lab to demonstrate functionality of the simplified deployment experience. You will set up and deploy DirectAccess based on the Windows Server 2012 Base Configuration using five server computers and two client computers. The resulting test lab simulates an intranet, the Internet, and a home network, and demonstrates DirectAccess in different Internet connection scenarios.

MS DA is very PKI driven and that has to be fundamentally stable and setup before you delve into others, note it should be for domain joined client only too. You can check out this Common DirectAccess Implementation Mistakes

The full document set directory is available here and cna come in handy to start delving further into various scenarios
0
 
LVL 1

Author Comment

by:Dan130
ID: 39966769
Breadtan, i have configured the RA server already and its working fine but because of the IP address allocations it takes up i would like to assign a separate range DA users the, how is this done. static Routes? how do i remove the auto DHCP assignment,
0
 
LVL 59

Accepted Solution

by:
Cliff Galiher earned 750 total points
ID: 39968051
Did you turn on any other remote access features, like PPTP or SSL VPN? That's where you'd adjust any DHCP leases being given to RRAS.

As I mentioned before DA uses IPv6. It does not (and cannot) use IPv4 so no IPv4 addresses are given to DA clients. The server will use NAT64 to give the client access to IPv4 resources on the corpnet, but since NAT64 does the translation, all IPv4 resources would communicate with the DA server and its IPv4 address. All traffic from the DA server ot the DA clients are IPv6 (over a public IPv4 tunnel) and thus no private IPv4 addresses are issues or used.

This has, in fact, been a point of confusion for new DA deployments. There are a few *client* apps that won't work with IPv6, and therefore wouldn't work ith DA, even when the DA connection itself was up and working right, causing much confusion. While most windows services and applications work with IPv6 (file sharing, print sharing, Outlook to Exchange, etc) there were a few third-party apps that refused to talk via IPv6. And even one MS program...Lync 2010 (or OCS pre-Lync) so these DA deployments would not run Lync connectivity properly. As an aside, Lync 2013 finally fully supports IPv6.

I mention all of this to illustrate and drive home the point that DA does *not* issue IPv4 addresses to clients. If you are seeing DHCP leases, they are for other non-DA RRAS features that may also have been turned on.

-Cliff
0
 
LVL 64

Assisted Solution

by:btan
btan earned 750 total points
ID: 39968428
I suggest you can check our a step by step test lab setup which include setting the interface for the DA as well as the client side to get a clearer picture. The Client IP assignment is not part of DA as it is doing the 6to4 only with the prefix. You can see from the lab information that assignment is based on DHCP/DNS.

Besides the Ipv6 consideration as mentioned earlier by expert, please also be aware of Name Resolution Policy Table. When the DA client has disabled its DA client components, it resolves names based on the DNS server IP address settings on its NIC. However, when the DA client has enabled its DA client configuration, name resolution depends on the settings on the Name Resolution Policy Table or NRPT.

See this for more info http://technet.microsoft.com/en-us/magazine/ff394369.aspx

The lab also shared the configured of the NLS to be excluded. as a whole, I do not see the assignment from the DA aspect and if it is via VPN then the leasing is via the DHCP as already mentioned.
0

Featured Post

Need protection from advanced malware attacks?

Look no further than WatchGuard's Total Security Suite, providing defense in depth against today's most headlining attacks like Petya 2.0 and WannaCry. Keep your organization out of the news with protection from known and unknown threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
Local Printing Using Remote Desktop Windows 7 sometimes has issues with printing to a local printer using a Remote Desktop Connection (RDC). The 1st step is to verify that printers are checked on the Local Resources tab of the Remote Desktop C…
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question