Solved

Direct Access 2012

Posted on 2014-03-26
Last Modified: 2014-04-08
Hi All,

I am new to DA and I would like to be able to set up DirectAccess so that when you connect you are assigned a different address to what is currently distributed from the DHCP server.

For example, our internal address is 192.168.14.xx and I would like DirectAccess to give a 192.168.40.XX.

How do I configure this?

Thanks.
Question by:Dan130
5 Comments
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 39958304
You don't. DirectAccess relies on IPv6, not IPv4.
 
LVL 62

Expert Comment

by:btan
ID: 39958759
This is a good place to start into the configuration and, as the expert mentioned, it is IPv6 only, hence typically there is a need for NAT64 and DNS64 to be in place, both of which are supported inherently in 2012 server. Also, the use of RRAS in the past is separate for 2008 so as to provide traditional VPN connectivity for legacy clients and non-domain members. And now 2012 combines the DirectAccess feature and the RRAS role service into a new unified server role. I suggest you check out this test lab guide.

This guide provides step-by-step instructions for configuring DirectAccess using the Getting Started Wizard in a test lab to demonstrate functionality of the simplified deployment experience. You will set up and deploy DirectAccess based on the Windows Server 2012 Base Configuration using five server computers and two client computers. The resulting test lab simulates an intranet, the Internet, and a home network, and demonstrates DirectAccess in different Internet connection scenarios.

MS DA is very PKI driven and that has to be fundamentally stable and set up before you delve into others; note it should be for domain-joined clients only too. You can check out this Common DirectAccess Implementation Mistakes.

The full document set directory is available here and can come in handy to start delving further into various scenarios.
 
LVL 1

Author Comment

by:Dan130
ID: 39966769
Breadtan, I have configured the RA server already and it's working fine, but because of the IP address allocations it takes up I would like to assign a separate range to the DA users. How is this done? Static routes? How do I remove the auto DHCP assignment?
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 250 total points
ID: 39968051
Did you turn on any other remote access features, like PPTP or SSL VPN? That's where you'd adjust any DHCP leases being given to RRAS.

As I mentioned before, DA uses IPv6. It does not (and cannot) use IPv4, so no IPv4 addresses are given to DA clients. The server will use NAT64 to give the client access to IPv4 resources on the corpnet, but since NAT64 does the translation, all IPv4 resources would communicate with the DA server and its IPv4 address. All traffic from the DA server to the DA clients is IPv6 (over a public IPv4 tunnel) and thus no private IPv4 addresses are issued or used.

This has, in fact, been a point of confusion for new DA deployments. There are a few *client* apps that won't work with IPv6, and therefore wouldn't work with DA, even when the DA connection itself was up and working right, causing much confusion. While most Windows services and applications work with IPv6 (file sharing, print sharing, Outlook to Exchange, etc.) there were a few third-party apps that refused to talk via IPv6. And even one MS program... Lync 2010 (or OCS pre-Lync), so these DA deployments would not run Lync connectivity properly. As an aside, Lync 2013 finally fully supports IPv6.

I mention all of this to illustrate and drive home the point that DA does *not* issue IPv4 addresses to clients. If you are seeing DHCP leases, they are for other non-DA RRAS features that may also have been turned on.

-Cliff
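
The NAT64/DNS64 mapping described in this answer, as an added example that is not part of the original thread: it synthesizes the IPv6 address a DA client is given for an IPv4-only intranet host and shows which IPv4 source that host sees. The code follows the general RFC 6052 embedding (all permitted prefix lengths, not only one case); the ULA prefix and the 192.168.14.x addresses are constructed sample values, and `synthesize`, `extract` and `ipv4_view` are hypothetical helper names.

```python
import ipaddress

# Prefix lengths permitted for NAT64 prefixes by RFC 6052.
ALLOWED_LENGTHS = (32, 40, 48, 56, 64, 96)

def _checked(prefix):
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen not in ALLOWED_LENGTHS:
        raise ValueError("prefix length not permitted by RFC 6052")
    if net.network_address.packed[8] != 0:
        raise ValueError("bits 64-71 of the prefix must be zero")
    return net

def synthesize(prefix, ipv4):
    """Embed an IPv4 address in a NAT64 prefix, as DNS64 does for an A record."""
    net = _checked(prefix)
    out = bytearray(net.network_address.packed)
    pos = net.prefixlen // 8
    for octet in ipaddress.IPv4Address(ipv4).packed:
        if pos == 8:          # octet 8 is reserved ("u" octet) and stays zero
            pos += 1
        out[pos] = octet
        pos += 1
    return ipaddress.IPv6Address(bytes(out))

def extract(prefix, ipv6):
    """Recover the embedded IPv4 address, or None if ipv6 is outside the prefix."""
    net = _checked(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in net:
        return None           # native IPv6 destination: NAT64 is not involved
    raw, pos, v4 = addr.packed, net.prefixlen // 8, bytearray()
    while len(v4) < 4:
        if pos == 8:
            pos += 1
        v4.append(raw[pos])
        pos += 1
    return ipaddress.IPv4Address(bytes(v4))

def ipv4_view(prefix, da_server_v4, dest_v6):
    """(source, destination) seen by the intranet IPv4 host after translation."""
    dst = extract(prefix, dest_v6)
    if dst is None:
        return None
    # The source is the DA server itself; the client never holds an IPv4 address.
    return (ipaddress.IPv4Address(da_server_v4), dst)

# Constructed sample values, not taken from the thread.
NAT64_PREFIX = "fd00:14:40:7777::/96"
FILE_SERVER_AAAA = synthesize(NAT64_PREFIX, "192.168.14.10")
```
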
 
LVL 62

Assisted Solution

by:btan
btan earned 250 total points
ID: 39968428
I suggest you check out a step-by-step test lab setup, which includes setting the interface for the DA as well as the client side, to get a clearer picture. The client IP assignment is not part of DA as it is doing the 6to4 only with the prefix. You can see from the lab information that assignment is based on DHCP/DNS.

Besides the IPv6 consideration mentioned earlier by the expert, please also be aware of the Name Resolution Policy Table. When the DA client has disabled its DA client components, it resolves names based on the DNS server IP address settings on its NIC. However, when the DA client has enabled its DA client configuration, name resolution depends on the settings in the Name Resolution Policy Table or NRPT.

See this for more info http://technet.microsoft.com/en-us/magazine/ff394369.aspx

The lab also shared the configuration of the NLS to be excluded. As a whole, I do not see the assignment from the DA aspect, and if it is via VPN then the leasing is via the DHCP as already mentioned.
