none
Direct Access 2012 Force Tunnelling exemptions don't work

    Question

  • Hi,

    I'm setting up DA in force tunnelling mode using IPHTTPS as I'm behind a NAT firewall. It works fine (as in when i'm external it auto connects and I can access internal resources) apart from I want to add exemptions for Lync. Any exemptions that I add within NRPT bare unresolvable in DNS when I am connected over DA.

    Does anyone have any ideas?

    Thanks, Jez

    Friday, March 14, 2014 1:36 PM

All replies

  • Hi,

    Enabling force tunneling feature in URA console does two things :

    -Provide a name resolution for any name Intranet & Internet

    -Force all traffic to go throught the tunnel

    Just disable force tunneling and configure * as NRPT entry inclunig your Lync exception it will work.

     


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Friday, March 14, 2014 4:19 PM
  • Hi,

    Yes I see - ALL traffic goes through the tunnel including the DNS request for the exemptions. Which is why it doesn't work.

    The problem I have now is that NRPT won't accept * as a valid suffix. Whenever I try to put that in it gives me an error saying the DNS suffix is not valid.

    The only way I can see this working is if I put in my lync exemptions and then add in every public suffix there is ie com co.uk net ....etc to go through the tunnel.

    Thanks, Jez

    Monday, March 17, 2014 10:07 AM
  • Hi

    My fault. It's not the "*" but ".". And it will be accepted by the Remote Access Management console. Once done, you can disable the force tunneling feature. Just be sure your internal DNS servers will be able to resolve internet names.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Monday, March 17, 2014 6:04 PM