Presentation is loading. Please wait.

Presentation is loading. Please wait.

Direct Access 2012 Chad Duffey and Tristan Kington Microsoft Premier Field Engineering WSV333.

Published byGregory Birchfield Modified over 9 years ago

Similar presentations

Presentation on theme: "Direct Access 2012 Chad Duffey and Tristan Kington Microsoft Premier Field Engineering WSV333."— Presentation transcript:

1 Direct Access 2012 Chad Duffey and Tristan Kington Microsoft Premier Field Engineering WSV333

2

3 DirectAccess in Action

4

5

6 Version 1: Windows Server 2008 R2 Version 1.5: Windows Server 2008 R2 + UAG Version 2: Windows Server 2012

7

8 InternetCorporate Public IPv4 AddressingPrivate IPv4 Addressing DA Wizard Creates Group Policies DA Policy is applied to client Try to contact Internal Server (NLS) IPv4 Query for External DA Server IP Establish Direct Access Tunnel

9 Demonstration Simplified Direct Access Configuration & Improved Client Experience

10

11

12

13

14

15

16

17

18 Offline Provisioning of Direct Access Client

19 Djoin /provision /machine CLIENT1 /domain corp /policynames "DirectAccess Client Settings" /rootcacerts /savefile c:\files\provision.txt /reuse

20

21 DNS Query for DirectAccess-NLS.corp.domain.com HTTP Probe to check for availability IPv4 (A) DNS Query for da.domain.com Connect to external IP Address of the Direct Access Server, validate certificates Either using Kerberos or Certificate based Authentication

22 NAT64/DNS64 is the reason DA works on IPv4 Networks IPv6 Network IPv4 Network IPv6 Client fd00:fefe:1::bef1:2002 NAT64/DNS64 gateway (DA) 172.16.0.20 IPv4-only Server Native IPv4 traffic Native IPv6 traffic DNS Server 172.16.0.2 IPv6 Prefix - fd00:fefe:2::/96 IPv4 Internal Address – 172.16.0.100 NAT64 device configured with /96 IPv6 prefix and IPv4 address pool 1. IPv6 Client sends DNS AAAA query for IPv4-only Server 2. NAT64 device forwards DNS AAAA query to authoritative DNS Server 3. DNS Server informs that no AAAA record exists for Server 4. NAT64 device sends DNS A query for Server 5. DNS Server replies with Server’s IPv4 address SERVER IN A 172.16.0.20s 6. DNS64 converts DNS A IPv4 response to an IPv6 AAAA one, adding IPv6 /96 prefix SERVER IN AAAA FD00:FEFE:2::172.16.0.20 7. IPv6 Client sends connection packet to IPv6 address associated to the IPv4 receiver 8. NAT64 gateway translates the IPv6 packet to IPv4, dynamically associating the source IPv6 address with an IPv4 address from the pool 9. IPv4-only Server replies to the dynamic IPv4 address used by the NAT64 gateway 9. NAT64 gateway translates the IPv4 packet to IPv6 using the information in the translation table fd00:fefe:2::172.16.0.20 TCP port 80 fd00:fefe:1::bef1:2002, TCP port 1025 172.16.0.101 TCP port 1060 172.16.0.20 TCP port 80

23

24

25 Extending Direct Access for Windows 7

26

27

28

29 InternetPerimeterCorporate Network External IPv4 DNS Record: Type: A Da.contoso.com Source Port 443 Destination: da.contoso.com -> Forward or -> NAT To Internal Firewall Source Port 443 Destination: da.contoso.com “Non Web HTTPS rule” to internal IP of Direct Access Server

30

31 You probably don't want to accept this default option

32 Both of these caused failed deployment until corrected

33

34

Download ppt "Direct Access 2012 Chad Duffey and Tristan Kington Microsoft Premier Field Engineering WSV333."

Similar presentations

Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
Configuring Internet Access for a Network. Overview Options for Connecting a Network to the Internet Configuring Internet Access by Using a Router Configuring.

Configuring Internet Access for a Network. Overview Options for Connecting a Network to the Internet Configuring Internet Access by Using a Router Configuring.
CST 415 - Computer Networks NAT CST 415 4/10/2017 CST 415 - Computer Networks.

CST Computer Networks NAT CST 415 4/10/2017 CST Computer Networks.
IPv6 – IPv4 Network Address, Port & Protocol Translation & Multithreaded DNS Gateway Navpreet Singh, Abhinav Singh, Udit Gupta, Vinay Bajpai, Toshu Malhotra.

IPv6 – IPv4 Network Address, Port & Protocol Translation & Multithreaded DNS Gateway Navpreet Singh, Abhinav Singh, Udit Gupta, Vinay Bajpai, Toshu Malhotra.
Copyright © 2014 EMC Corporation. All Rights Reserved. Basic Network Configuration for File Upon completion of this module, you should be able to: Configure.

Copyright © 2014 EMC Corporation. All Rights Reserved. Basic Network Configuration for File Upon completion of this module, you should be able to: Configure.
WMS02: Direct Access Always Connected: Death of the VPN

WMS02: Direct Access Always Connected: Death of the VPN
Implementing IPv6 Module B 8: Implementing IPv6

Implementing IPv6 Module B 8: Implementing IPv6
DirectAccess Infrastructure Planning and Design Published: October 2009 Updated: November 2011.

DirectAccess Infrastructure Planning and Design Published: October 2009 Updated: November 2011.
17/10/031 Summary Peer to peer applications and IPv6 Microsoft Three-Degrees IPv6 transition mechanisms used by Three- Degrees: 6to4 Teredo.

17/10/031 Summary Peer to peer applications and IPv6 Microsoft Three-Degrees IPv6 transition mechanisms used by Three- Degrees: 6to4 Teredo.
Module 7: Configuring Access to Internal Resources.

Module 7: Configuring Access to Internal Resources.
Scott Roberts Lead Program Manager Microsoft Session Code: WSV320.

Scott Roberts Lead Program Manager Microsoft Session Code: WSV320.
Direct Access, Do’s and Don’ts

Direct Access, Do’s and Don’ts
11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.

11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.
Module 5: Configuring Access to Internal Resources.

Module 5: Configuring Access to Internal Resources.
DirectAccess is an Enterprise Solution: No support for Windows 7 Professional Requires two consecutive public IP addresses Cannot NAT to the DirectAccess.

DirectAccess is an Enterprise Solution: No support for Windows 7 Professional Requires two consecutive public IP addresses Cannot NAT to the DirectAccess.
Troubleshooting DirectAccess Clients Step by Step

Troubleshooting DirectAccess Clients Step by Step
CCNA Guide to Cisco Networking Fundamentals Fourth Edition Chapter 9 Network Services.

CCNA Guide to Cisco Networking Fundamentals Fourth Edition Chapter 9 Network Services.
1 Enabling Secure Internet Access with ISA Server.

1 Enabling Secure Internet Access with ISA Server.
Remote Accessing Your Home Computer Using VNC and a Dynamic DNS Name.

Remote Accessing Your Home Computer Using VNC and a Dynamic DNS Name.
70-411: Administering Windows Server 2012

70-411: Administering Windows Server 2012

Similar presentations

Ads by Google