2012 DirectAccess - 2x NICs behind Firewall

Question

    Hi All.

    I have a question about setting up DA on a 2012 Server that has 2x NICs (LAN and DMZ).

    The LAN NIC has an IP address of 192.168.1.24

    The DMZ NIC has an IP address of 10.0.0.24 (Firewall is forwarding the public IP traffic to 10.0.0.24)

    At first when I set up DA, I could not get the DA clients (all of which are Windows 7 laptops) to see the DA server even though they were connected to the LAN (most of the Win7 clients are on a 192.168.80.x VLAN). The result was the laptop clients' Network Location switched to Public/Private and they were attempting to connect to the DA server as if they were external (which would fail because traffic can't go out the proxy, around and back in).

    In troubleshooting the problem, we realised LAN-connected clients (DA and non-DA enabled clients) could not PING the DA server internally. At this point, someone suggested adding a Default Gateway onto the internal LAN NIC of the DA server and this enabled PING internally - I wasn't entirely comfortable with this knowing the LAN NIC shouldn't also have a Default Gateway, however magically the DA clients were now able to PING the DA server and immediately their Network Location switched back onto the Domain location.

    (side note: Interestingly, I have another DA server implementation at a different site and the clients at that site also can't ping the internal LAN interface of their DA server and yet they don't have this problem.)

    Now what we're seeing is intermittent/random DA client connection issues. Every now and then a DA client will come back to work from home, the user will try to connect to the corporate LAN (usually coming out of Sleep or Hibernation) and the client's network location won't switch onto the Domain profile. The odd thing is, whilst one client is having the problem, 10 other clients are working fine. Sometimes (but not always) a reboot of the system will fix it.

    Can anyone point me in the direction of:

    a) NIC configuration for a DA server with 2x NICs, one on the LAN and one behind a Firewall/NAT

    b) any route entries required on the DA server when using 2x NICs and the internal LAN having multiple VLANs

    c) any troubleshooting ideas?

    Thanks

    Ben

    Saturday, January 26, 2013 10:22 PM
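Added example for points (a) and (b) of the question; this is not code from the original post or from any answer. It shows the route layout a two-NIC DirectAccess server normally runs with: the single default gateway stays on the DMZ/NAT-facing NIC, the LAN NIC carries no default gateway, and each internal VLAN that the LAN NIC is not directly attached to gets a static route via the LAN router. That replaces the second default gateway the poster was uneasy about with explicit routes. Interface aliases ("LAN", "DMZ"), the LAN router address 192.168.1.1, the client VLAN prefix 192.168.80.0/24 and the test host 192.168.80.10 are assumed values for illustration; only the server's own addresses come from the question.

```powershell
# Added example (not from the original post): route layout and checks for a
# two-NIC DirectAccess server on Windows Server 2012. Assumed values: interface
# aliases "LAN" and "DMZ", LAN router 192.168.1.1, client VLAN 192.168.80.0/24,
# test host 192.168.80.10. Run from an elevated PowerShell on the DA server.

$LanAlias     = "LAN"
$LanRouter    = "192.168.1.1"          # assumed: next hop for internal VLANs
$InternalNets = @("192.168.80.0/24")   # assumed: VLAN(s) not directly attached to the LAN NIC

# 1. Show where the default route currently lives. Only the DMZ NIC should carry
#    one; a second default route on the LAN NIC (the workaround described in the
#    question) is the setting to avoid.
Get-NetRoute -DestinationPrefix "0.0.0.0/0" -ErrorAction SilentlyContinue |
    Select-Object InterfaceAlias, NextHop, RouteMetric

# 2. Remove a default route from the LAN NIC if one was added as a workaround.
Get-NetRoute -DestinationPrefix "0.0.0.0/0" -InterfaceAlias $LanAlias -ErrorAction SilentlyContinue |
    Remove-NetRoute -Confirm:$false

# 3. Add one static route per internal VLAN via the LAN router, so replies to
#    clients on those VLANs leave through the LAN NIC rather than the DMZ NIC.
foreach ($net in $InternalNets) {
    if (-not (Get-NetRoute -DestinationPrefix $net -ErrorAction SilentlyContinue)) {
        New-NetRoute -DestinationPrefix $net -InterfaceAlias $LanAlias -NextHop $LanRouter
    }
}

# 4. Verify: default route only on the DMZ NIC, internal prefixes via the LAN NIC,
#    and the static routes present in the persistent store so they survive a reboot.
Get-NetRoute -AddressFamily IPv4 |
    Where-Object { $_.DestinationPrefix -eq "0.0.0.0/0" -or $InternalNets -contains $_.DestinationPrefix } |
    Format-Table DestinationPrefix, InterfaceAlias, NextHop, RouteMetric -AutoSize
Get-NetRoute -PolicyStore PersistentStore -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Format-Table DestinationPrefix, InterfaceAlias, NextHop -AutoSize

# 5. Reachability test toward a host on the client VLAN (assumed address),
#    sourced from the LAN NIC's own address so the reply path is the one clients use.
$LanIp = (Get-NetIPAddress -InterfaceAlias $LanAlias -AddressFamily IPv4).IPAddress
Test-Connection -ComputerName "192.168.80.10" -Source $LanIp -Count 2
```

The output of step 4 is the thing to compare between the working site and the problem site mentioned in the question: if step 1 lists a 0.0.0.0/0 entry on the LAN interface, the server has two default gateways and return traffic to internal clients can leave via the DMZ NIC and never arrive, which matches the intermittent PING and Network Location symptoms described.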

Answers