Windows Server 2012 DirectAccess
Saturday, October 06, 2012 12:47 PM
Hi all,
I had implemented DirectAccess with Windows 2008 R2 and UAG SP1 before, and I want to deploy DA with Windows Server 2012 now. I have some questions:
1- In UAG or Windows 2008 R2 we must have 2 consecutive public IP addresses on the external NIC and create 2 DNS records pointing to the first IP, but now in Windows 2012 we can use NAT. So do I need 2 IPs on the DMZ and NAT the 2 public IPs from the firewall to the 2 IPs on the DMZ? And regarding the 2 DNS records, do I still need to create them?
2- Regarding my Windows 7 clients, I read that I must configure the same old CA configuration?
Thanks
Tarek Khairy
All Replies
Sunday, October 07, 2012 2:16 PM
Hi,
1 - I'm not absolutely sure, but I believe that you need two IPs without NAT. My explanation would be the necessary redundancy that you get with two IPs. Please correct me if this should not be true.
2 - Don't understand what you mean...
Bye
- Edited by physical_layer Sunday, October 07, 2012 2:23 PM Forgot a space
Thursday, October 25, 2012 5:14 PM
A1: You only need two public IP addresses if you want to support Teredo. If you use a single private address with NAT, only IP-HTTPS will be enabled for client connections. You can still use the old two public IP addresses approach if you want to...
A2: Yes, Windows 7 clients still require IPSec certificates from an internal CA (PKI).
Jason Jones | Microsoft MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk

