  1. Audentis Fortuna Iuvat veritas_libertas's Avatar
    Join Date
    Feb 2009
    Posts
    5,652

    Certifications
    eCPPT, GPEN, GWAPT, GCIH, CISSP, CCNA (expired), MCTS
    #1

    Default Microsoft Direct Access

    I have been watching the videos that came with my "Configuring Windows 7" DVD. Seems like a really VPN feature. Anyone have any thoughts on this feature that comes with Server 2008 R2?
    Last edited by veritas_libertas; 04-07-2010 at 01:14 PM.
    Currently working on: Resting

  2. SS -->
  3. Senior Member
    Join Date
    Jul 2009
    Posts
    2,056

    Certifications
    Beer+
    #2
    It's designed to be a VPN without the VPN.

    It can be confusing for users to understand the difference in their network connections when they are and are not connected to a VPN. DirectAccess makes it seamless by allowing them to get to network resources inside the corporate network without doing anything special on their end.

    It's pretty cool, but the requirement of 2008 R2, 7 Enterprise or Ultimate, IPv6, etc. makes it unlikely that it will be widely adopted very soon. In a few years it may become prominent.

  4. Audentis Fortuna Iuvat veritas_libertas's Avatar
    Join Date
    Feb 2009
    Posts
    5,652

    Certifications
    eCPPT, GPEN, GWAPT, GCIH, CISSP, CCNA (expired), MCTS
    #3
    I like what I am seeing but I think it's strange that it requires IPv6. Do you know why they are requiring that?
    Currently working on: Resting

  5. Still a noob earweed's Avatar
    Join Date
    Mar 2010
    Location
    Mobile, Alabama
    Posts
    5,176

    Certifications
    BSIT, Proj+, A+, Net+, Sec+: MCTS: X5; MCITP:EA
    #4
    Here's an article on it from Train Signal's website. You may have already seen this, VL. It mentions in the configuration settings how to use it if your network doesn't use IPv6. You have to have two NICs on your server and you have to enable IPv6 on your server (the two NICs are configured with IPv4 addresses).
    Windows Server HQ by Train Signal.com Direct Access: How It Works And How To Configure It
    This may be just a rehash of what you have already seen.
    No longer work in IT. Play around with stuff sometimes still and fix stuff for friends and relatives.

  6. BOBBY_TABLES RobertKaucher's Avatar
    Join Date
    Dec 2007
    Location
    Lebanon, Ohio - USA
    Posts
    4,274

    Certifications
    MCSD Web Apps/SharePoint Applications, MCITP: DBA 2005/2008, EA, EDA7, Linux+, Sec+, MCSE, MCDST, MCTS
    #5
    Quote Originally Posted by veritas_libertas View Post
    I like what I am seeing but I think it's strange that it requires IPv6. Do you know why they are requiring that?
    Because clients are required to have globally unique addresses. Remember the idea is that it is a system that allows you to connect directly to the work network via an IPSec tunnel. There is no VPN level authentication nor does the DA server hand out an IP address to the client. The DA server just sees you have a cert that belongs to the domain, the PC belongs to the domain and you go. No cert, you cannot talk to the DA server over IPSec so you cannot get in.

  7. Still a noob earweed's Avatar
    Join Date
    Mar 2010
    Location
    Mobile, Alabama
    Posts
    5,176

    Certifications
    BSIT, Proj+, A+, Net+, Sec+: MCTS: X5; MCITP:EA
    #6
    So is there anything special we need to do with IPv6 that we can't already do?
    No longer work in IT. Play around with stuff sometimes still and fix stuff for friends and relatives.

  8. Audentis Fortuna Iuvat veritas_libertas's Avatar
    Join Date
    Feb 2009
    Posts
    5,652

    Certifications
    eCPPT, GPEN, GWAPT, GCIH, CISSP, CCNA (expired), MCTS
    #7
    @RobertK: So you are saying that your Windows 7 PC creates a static IP for this, and doesn't ask a DHCP server for an IP?
    Currently working on: Resting

  9. BOBBY_TABLES RobertKaucher's Avatar
    Join Date
    Dec 2007
    Location
    Lebanon, Ohio - USA
    Posts
    4,274

    Certifications
    MCSD Web Apps/SharePoint Applications, MCITP: DBA 2005/2008, EA, EDA7, Linux+, Sec+, MCSE, MCDST, MCTS
    #8
    Quote Originally Posted by earweed View Post
    So is there anything special we need to do with IPv6 that we can't already do?
    Not have to use NAT or some other sort of technology. With IPv6 each person alive today could be assigned several billion IPv6 addresses and we would still have A LOT of room to grow. By requiring IPv6 MS has
    1. Declared their support for transitioning to this technology as soon as possible
    and
    2. Made the technology simpler to implement once the transition is in place.

    You don't have to deal with NAT, with VPN administration/purchase cost/licensing/etc. Simplicity and cost are a big deal. Less TCO and fewer limitations and frustrations on end users. This totally blurs the lines between office based/remote work force. Imagine how many more would work from home if they did not have to deal with VPN related issues? The trick is we cannot do this easily without a larger address pool.

    @veritas_libertas - No. The ultimate goal of the idea would be that each device had its own routable IP address. So I connect via my "Air Card" or whatever and I am assigned an IPv6 address from my ISP and then I just click on my U drive and I have instant access to all my stuff at work. I don't have to worry about the VPN password changing or anything. I am authenticated by my DC and the communication is all done with the security of certificates and the ease of SSO via your already-in-place AD.
