Solved

Direct Access 2012

Posted on 2014-03-26
Last Modified: 2014-04-08
Hi All,

I am new to DA and I would like to be able to set up Direct Access so that when you connect you are assigned a different address from what is currently distributed by the DHCP server.

For example, our internal address is 192.168.14.xx and I would like Direct Access to give a 192.168.40.XX.

How do I configure this?

Thanks.
Question by:Dan130
5 Comments
 

Expert Comment

by:Cliff Galiher
You don't. DirectAccess relies on IPv6, not IPv4.

Expert Comment

by:btan
This is a good place to start on the configuration and, as the expert mentioned, it is IPv6 only, hence typically there is a need for NAT64 and DNS64 to be in place, both of which are supported inherently in the 2012 server. Also, the use of RRAS in the past was separate for 2008, so as to provide traditional VPN connectivity for legacy clients and non-domain members. Now 2012 combines the DirectAccess feature and the RRAS role service into a new unified server role. I suggest you check out this test lab guide.

This guide provides step-by-step instructions for configuring DirectAccess using the Getting Started Wizard in a test lab to demonstrate functionality of the simplified deployment experience. You will set up and deploy DirectAccess based on the Windows Server 2012 Base Configuration using five server computers and two client computers. The resulting test lab simulates an intranet, the Internet, and a home network, and demonstrates DirectAccess in different Internet connection scenarios.

MS DA is very PKI driven and that has to be fundamentally stable and set up before you delve into others; note it should be for domain-joined clients only too. You can check out this: Common DirectAccess Implementation Mistakes.

The full document set directory is available here and can come in handy to start delving further into various scenarios.

Author Comment

by:Dan130
Breadtan, I have configured the RA server already and it's working fine, but because of the IP address allocations it takes up I would like to assign a separate range to the DA users. How is this done? Static routes? How do I remove the auto DHCP assignment?

Accepted Solution

by:Cliff Galiher
Cliff Galiher earned 250 total points
Did you turn on any other remote access features, like PPTP or SSL VPN? That's where you'd adjust any DHCP leases being given to RRAS.

As I mentioned before, DA uses IPv6. It does not (and cannot) use IPv4, so no IPv4 addresses are given to DA clients. The server will use NAT64 to give the client access to IPv4 resources on the corpnet, but since NAT64 does the translation, all IPv4 resources would communicate with the DA server and its IPv4 address. All traffic from the DA server to the DA clients is IPv6 (over a public IPv4 tunnel) and thus no private IPv4 addresses are issued or used.

This has, in fact, been a point of confusion for new DA deployments. There are a few *client* apps that won't work with IPv6, and therefore wouldn't work with DA, even when the DA connection itself was up and working right, causing much confusion. While most Windows services and applications work with IPv6 (file sharing, print sharing, Outlook to Exchange, etc.) there were a few third-party apps that refused to talk via IPv6. And even one MS program... Lync 2010 (or OCS pre-Lync), so these DA deployments would not run Lync connectivity properly. As an aside, Lync 2013 finally fully supports IPv6.

I mention all of this to illustrate and drive home the point that DA does *not* issue IPv4 addresses to clients. If you are seeing DHCP leases, they are for other non-DA RRAS features that may also have been turned on.

-Cliff
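
The NAT64/DNS64 address mapping described in the accepted answer, as an added example that is not part of the original thread: it maps an IPv4-only intranet host to the IPv6 address a DA client would see and back again, which helps when reading client-side or DA-server logs. It assumes the RFC 6052 address format and covers every prefix length that RFC allows, not only /96; the prefix and host in the demo are constructed.

```python
import ipaddress

# RFC 6052 section 2.2: for each allowed prefix length, the bit offset (from
# the top of the 128-bit address) of each IPv4 octet. Bits 64-71 (the "u"
# octet) are reserved, so shorter prefixes split the IPv4 address around them.
_OCTET_OFFSETS = {
    32: (32, 40, 48, 56),
    40: (40, 48, 56, 72),
    48: (48, 56, 72, 80),
    56: (56, 72, 80, 88),
    64: (72, 80, 88, 96),
    96: (96, 104, 112, 120),
}

def _offsets(net):
    if net.prefixlen not in _OCTET_OFFSETS:
        raise ValueError("RFC 6052 allows only /32, /40, /48, /56, /64, /96")
    return _OCTET_OFFSETS[net.prefixlen]

def synthesize(prefix, ipv4):
    """IPv6 address a DNS64 returns for an IPv4-only host behind the NAT64."""
    net = ipaddress.IPv6Network(prefix)
    value = int(net.network_address)
    for octet, offset in zip(ipaddress.IPv4Address(ipv4).packed, _offsets(net)):
        value |= octet << (128 - offset - 8)
    return ipaddress.IPv6Address(value)

def extract(prefix, ipv6):
    """IPv4 host behind a synthesized address, or None when the address is
    outside the NAT64 prefix (a native IPv6 destination)."""
    net = ipaddress.IPv6Network(prefix)
    offsets = _offsets(net)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in net:
        return None
    value = int(addr)
    return ipaddress.IPv4Address(
        bytes((value >> (128 - off - 8)) & 0xFF for off in offsets))

if __name__ == "__main__":
    # Constructed values: a placeholder ULA NAT64 prefix and one intranet host.
    prefix, host = "fd12:3456:789a:7777::/96", "192.168.14.10"
    seen_by_client = synthesize(prefix, host)
    print(host, "->", seen_by_client)
    print(seen_by_client, "->", extract(prefix, seen_by_client))
```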

Assisted Solution

by:btan
btan earned 250 total points
I suggest you check out a step-by-step test lab setup, which includes setting the interface for the DA as well as the client side, to get a clearer picture. The client IP assignment is not part of DA as it is doing the 6to4 only with the prefix. You can see from the lab information that assignment is based on DHCP/DNS.

Besides the IPv6 consideration as mentioned earlier by the expert, please also be aware of the Name Resolution Policy Table. When the DA client has disabled its DA client components, it resolves names based on the DNS server IP address settings on its NIC. However, when the DA client has enabled its DA client configuration, name resolution depends on the settings in the Name Resolution Policy Table, or NRPT.

See this for more info http://technet.microsoft.com/en-us/magazine/ff394369.aspx

The lab also shared the configuration of the NLS to be excluded. As a whole, I do not see the assignment from the DA aspect, and if it is via VPN then the leasing is via the DHCP as already mentioned.