Solved

Direct Access 2012

Posted on 2014-03-26
5
642 Views
Last Modified: 2014-04-08
Hi All,

I am new to DA and i would like to be able to set up direct access so when you connect you are assigned different address to what currently is distributed from the DHCP server.

for example our internal address is 192.168.14.xx and i would like direct access to give a 192.168.40.XX

how do i configure this.

Thanks.
0
Comment
Question by:Dan130
  • 2
  • 2
5 Comments
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 39958304
You don't. DirectAccess relies on IPv6, not IPv4.
0
 
LVL 63

Expert Comment

by:btan
ID: 39958759
This is a good place to start into the configuration and as expert mentioned, it is IPv6 only hence typically there is need for NAT64 and DNS64 to be in place which they are both supported inherently into 2012 server. Also the use of RRAS  in the past is separate for 2008 so as to provides traditional VPN connectivity for legacy clients and non-domain members.And now 2012 combines the DirectAccess feature and the RRAS role service into a new unified server role. I suggest you check out this test lab guide.

This guide provides step-by-step instructions for configuring DirectAccess using the Getting Started Wizard in a test lab to demonstrate functionality of the simplified deployment experience. You will set up and deploy DirectAccess based on the Windows Server 2012 Base Configuration using five server computers and two client computers. The resulting test lab simulates an intranet, the Internet, and a home network, and demonstrates DirectAccess in different Internet connection scenarios.

MS DA is very PKI driven and that has to be fundamentally stable and setup before you delve into others, note it should be for domain joined client only too. You can check out this Common DirectAccess Implementation Mistakes

The full document set directory is available here and cna come in handy to start delving further into various scenarios
0
 
LVL 1

Author Comment

by:Dan130
ID: 39966769
Breadtan, i have configured the RA server already and its working fine but because of the IP address allocations it takes up i would like to assign a separate range DA users the, how is this done. static Routes? how do i remove the auto DHCP assignment,
0
 
LVL 57

Accepted Solution

by:
Cliff Galiher earned 250 total points
ID: 39968051
Did you turn on any other remote access features, like PPTP or SSL VPN? That's where you'd adjust any DHCP leases being given to RRAS.

As I mentioned before DA uses IPv6. It does not (and cannot) use IPv4 so no IPv4 addresses are given to DA clients. The server will use NAT64 to give the client access to IPv4 resources on the corpnet, but since NAT64 does the translation, all IPv4 resources would communicate with the DA server and its IPv4 address. All traffic from the DA server ot the DA clients are IPv6 (over a public IPv4 tunnel) and thus no private IPv4 addresses are issues or used.

This has, in fact, been a point of confusion for new DA deployments. There are a few *client* apps that won't work with IPv6, and therefore wouldn't work ith DA, even when the DA connection itself was up and working right, causing much confusion. While most windows services and applications work with IPv6 (file sharing, print sharing, Outlook to Exchange, etc) there were a few third-party apps that refused to talk via IPv6. And even one MS program...Lync 2010 (or OCS pre-Lync) so these DA deployments would not run Lync connectivity properly. As an aside, Lync 2013 finally fully supports IPv6.

I mention all of this to illustrate and drive home the point that DA does *not* issue IPv4 addresses to clients. If you are seeing DHCP leases, they are for other non-DA RRAS features that may also have been turned on.

-Cliff
0
 
LVL 63

Assisted Solution

by:btan
btan earned 250 total points
ID: 39968428
I suggest you can check our a step by step test lab setup which include setting the interface for the DA as well as the client side to get a clearer picture. The Client IP assignment is not part of DA as it is doing the 6to4 only with the prefix. You can see from the lab information that assignment is based on DHCP/DNS.

Besides the Ipv6 consideration as mentioned earlier by expert, please also be aware of Name Resolution Policy Table. When the DA client has disabled its DA client components, it resolves names based on the DNS server IP address settings on its NIC. However, when the DA client has enabled its DA client configuration, name resolution depends on the settings on the Name Resolution Policy Table or NRPT.

See this for more info http://technet.microsoft.com/en-us/magazine/ff394369.aspx

The lab also shared the configured of the NLS to be excluded. as a whole, I do not see the assignment from the DA aspect and if it is via VPN then the leasing is via the DHCP as already mentioned.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Juniper VPN devices are a popular alternative to using Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements -- FIPS 140. What and Why of FIPS 140 Federa…
OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question