Direct Access 2012 Chad Duffey and Tristan Kington Microsoft Premier Field Engineering WSV333.

Presentation transcript:

DirectAccess in Action

Version 1: Windows Server 2008 R2
Version 1.5: Windows Server 2008 R2 + UAG
Version 2: Windows Server 2012

Internet / Corporate
Public IPv4 Addressing / Private IPv4 Addressing
DA Wizard Creates Group Policies
DA Policy is applied to client
Try to contact Internal Server (NLS)
IPv4 Query for External DA Server IP
Establish Direct Access Tunnel

Demonstration: Simplified Direct Access Configuration & Improved Client Experience

Offline Provisioning of Direct Access Client

Djoin /provision /machine CLIENT1 /domain corp /policynames "DirectAccess Client Settings" /rootcacerts /savefile c:\files\provision.txt /reuse

DNS Query for DirectAccess-NLS.corp.domain.com
HTTP Probe to check for availability
IPv4 (A) DNS Query for da.domain.com
Connect to external IP Address of the Direct Access Server, validate certificates
Either using Kerberos or Certificate based Authentication

NAT64/DNS64 is the reason DA works on IPv4 Networks

IPv6 Network / IPv4 Network
IPv6 Client: fd00:fefe:1::bef1:2002
NAT64/DNS64 gateway (DA)
IPv4-only Server
Native IPv4 traffic / Native IPv6 traffic
DNS Server
IPv6 Prefix - fd00:fefe:2::/96
IPv4 Internal Address –
NAT64 device configured with /96 IPv6 prefix and IPv4 address pool

1. IPv6 Client sends DNS AAAA query for IPv4-only Server
2. NAT64 device forwards DNS AAAA query to authoritative DNS Server
3. DNS Server informs that no AAAA record exists for Server
4. NAT64 device sends DNS A query for Server
5. DNS Server replies with Server’s IPv4 address: SERVER IN A
6. DNS64 converts DNS A IPv4 response to an IPv6 AAAA one, adding IPv6 /96 prefix: SERVER IN AAAA FD00:FEFE:2::
7. IPv6 Client sends connection packet to IPv6 address associated to the IPv4 receiver
8. NAT64 gateway translates the IPv6 packet to IPv4, dynamically associating the source IPv6 address with an IPv4 address from the pool
9. IPv4-only Server replies to the dynamic IPv4 address used by the NAT64 gateway
10. NAT64 gateway translates the IPv4 packet to IPv6 using the information in the translation table

fd00:fefe:2:: TCP port 80 fd00:fefe:1::bef1:2002, TCP port TCP port TCP port 80
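
The DNS64 synthesis and NAT64 translation table described on this slide, as an added Python example that is not part of the original presentation. It uses the slide's /96 prefix and client address; the server address, pool address and port numbers are constructed because the slide's values did not survive, and the class and function names are hypothetical.

```python
import ipaddress

PREFIX = ipaddress.IPv6Network("fd00:fefe:2::/96")        # NAT64 prefix from the slide
CLIENT = ipaddress.IPv6Address("fd00:fefe:1::bef1:2002")  # IPv6 client from the slide
SERVER_V4 = "10.0.0.7"   # constructed: the slide's server address did not survive
POOL_V4 = "10.0.0.2"     # constructed: one address from the NAT64 IPv4 pool


def dns64_synthesize(a_records, aaaa_records, prefix=PREFIX):
    """DNS64: pass real AAAA answers through, else build them from A records."""
    if aaaa_records:
        return [ipaddress.IPv6Address(r) for r in aaaa_records]
    base = int(prefix.network_address)
    # With a /96 prefix the IPv4 address occupies the low 32 bits.
    return [ipaddress.IPv6Address(base | int(ipaddress.IPv4Address(a))) for a in a_records]


def extract_ipv4(addr, prefix=PREFIX):
    """Recover the embedded IPv4 address; refuse addresses outside the /96."""
    addr = ipaddress.IPv6Address(addr)
    if addr not in prefix:
        raise ValueError(f"{addr} is not inside {prefix}")
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


class Nat64:
    """NAT64: translation table keyed on the IPv6 flow."""

    def __init__(self, pool_addr=POOL_V4, first_port=40000):
        self.pool_addr = ipaddress.IPv4Address(pool_addr)
        self.next_port = first_port
        self.out = {}    # (client v6, client port, server v6, server port) -> pool port
        self.back = {}   # pool port -> same flow tuple

    def outbound(self, src6, sport, dst6, dport):
        """IPv6 -> IPv4: allocate (or reuse) a pool port for this flow."""
        flow = (ipaddress.IPv6Address(src6), sport, ipaddress.IPv6Address(dst6), dport)
        dst4 = extract_ipv4(dst6)
        if flow not in self.out:
            self.out[flow] = self.next_port
            self.back[self.next_port] = flow
            self.next_port += 1
        return (self.pool_addr, self.out[flow], dst4, dport)

    def inbound(self, src4, sport, pool_port):
        """IPv4 -> IPv6: only replies that match an existing mapping get through."""
        flow = self.back.get(pool_port)
        if flow is None or (extract_ipv4(flow[2]), flow[3]) != (ipaddress.IPv4Address(src4), sport):
            return None
        return (flow[2], sport, flow[0], flow[1])
```

The inbound check is why an internal IPv4 host cannot open a connection to a DirectAccess client through the gateway unless the client spoke first: a packet with no matching table entry has no IPv6 destination to be translated to.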

Extending Direct Access for Windows 7

Internet / Perimeter / Corporate Network
External IPv4 DNS Record: Type: A, Da.contoso.com
Source Port 443, Destination: da.contoso.com -> Forward or -> NAT To Internal Firewall
Source Port 443, Destination: da.contoso.com, “Non Web HTTPS rule” to internal IP of Direct Access Server

You probably don't want to accept this default option

Both of these caused failed deployment until corrected