How DA client will access local file server in DA client subnet

  • Question

  • Hi,

    We have set up DirectAccess in our environment and everything is working fine, except that clients face slowness when accessing files from the file server located in the data center. This file server is used only by the users on the DirectAccess site. We are discussing placing the server in the DirectAccess client subnet so that clients will work more efficiently.

    We have configured the VPN tunnel between the DirectAccess site and the data center to manage the printers remotely. Since the VPN tunnel is in place, and to make the clients use the DirectAccess connection, we have blocked the port of the NLS server so that clients will connect with DirectAccess only.

    The local file server will communicate with the data center over the VPN tunnel.

    My query is: would the client be able to communicate with the local file server directly, as both are in the same subnet, using \\IPAddress of the local file server when the client is connected with DirectAccess? Also, if we need to access the file server by short name or FQDN, does that require an entry in the hosts file of the client accessing the server?

    I think when a DA client is working from home, the client will still access the file server, and the traffic for the local file server will be routed from the data center to the local file server over the VPN tunnel.

    Any help would be highly appreciated.





    • Edited by achievers Thursday, July 24, 2014 4:53 AM
    Thursday, July 24, 2014 4:43 AM

Answers

  • Hi - as long as the traffic routing is configured correctly on the DA Server using static routes, the traffic will be able to reach any resources you require. However, can I point out that a hosts file and \\ipaddress will not work over DirectAccess - you must access using shortname or FQDN.

    john davies

    • Marked as answer by achievers Monday, August 11, 2014 2:42 AM
    Saturday, July 26, 2014 6:03 AM

All replies

  • Yes, I have found it easiest to add all of the RFC 1918 private address ranges as static routes on my multi-homed DirectAccess servers.

    10.0.0.0        -   10.255.255.255  (10/8 prefix)
    172.16.0.0      -   172.31.255.255  (172.16/12 prefix)
    192.168.0.0     -   192.168.255.255 (192.168/16 prefix)

    This will allow connectivity to almost all private IP ranges. You can of course just add the range/subnet of your internal LAN....

    Monday, July 28, 2014 5:08 PM
  • Hi There - although good advice from Ryan I personally would NOT open up all ranges as this increases the security footprint and surface area. Add the specific range you require routing to on the DA Server using static routes.

    john davies

    Tuesday, July 29, 2014 7:06 AM
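An added example (not part of the thread or of any poster's configuration) of the trade-off in the two replies above: it compares a static route list with the subnets DA clients actually need and reports how much extra address space each route exposes. The subnet `10.20.30.0/24` and the function name `audit_routes` are constructed for illustration.

```python
import ipaddress

# RFC 1918 blocks, as quoted in the thread.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit_routes(routes, required):
    """Compare static routes with the subnets DA clients must reach.

    routes   -- CIDR strings configured as static routes on the DA server
    required -- CIDR strings of the subnets clients really need
    Returns a dict with:
      overbroad -- routes that cover a whole RFC 1918 block
      unused    -- routes that serve no required subnet
      uncovered -- required subnets that no route reaches
      excess    -- per route, addresses reachable beyond what is required
    """
    nets = [ipaddress.ip_network(r) for r in routes]
    need = list(ipaddress.collapse_addresses(
        [ipaddress.ip_network(r) for r in required]))
    report = {"overbroad": [], "unused": [], "uncovered": [], "excess": {}}
    for n in nets:
        served = [s for s in need if s.subnet_of(n)]
        if any(n.supernet_of(block) for block in RFC1918):
            report["overbroad"].append(str(n))
        if not served:
            report["unused"].append(str(n))
        report["excess"][str(n)] = (
            n.num_addresses - sum(s.num_addresses for s in served))
    report["uncovered"] = [
        str(s) for s in need if not any(s.subnet_of(n) for n in nets)]
    return report


# Constructed sample data: one file-server subnet, two candidate route sets.
REQUIRED = ["10.20.30.0/24"]
BROAD = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
NARROW = ["10.20.30.0/24"]

if __name__ == "__main__":
    for name, table in (("all RFC 1918", BROAD), ("specific", NARROW)):
        print(name, audit_routes(table, REQUIRED))
```
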
  • Routing in place. Admin from GDC can manage the printers on DirectAccess sites over the management tunnel.

    Monday, August 4, 2014 2:45 AM
  • Hi There - has this now resolved your issue ?

    John Davies

    Monday, August 4, 2014 10:57 AM
  • Hi,

    We have not tested it yet, since there are fewer users and most of them are working from home. We will update after testing.

    Tuesday, August 5, 2014 2:35 AM
  • Hi John,

    However, my concern was: is it possible for the DirectAccess client to communicate with the local server directly, without routing from the DA server, since both the server and the client are connected to the ADSL router?

    • Edited by achievers Tuesday, August 5, 2014 6:35 AM
    Tuesday, August 5, 2014 6:34 AM
  • Hi There - as always it is better to place the files / resources where the best links are - so to answer your question - if the local file server has unreliable or slow links then it would be better to locate them centrally and investigate something like DFS Replication between the central file server and local file server. There is no reason why DA Clients cannot access the resources with the exception of reliable / fast links.

    John Davies

    Tuesday, August 5, 2014 8:24 AM
  • Hi John,

    We have tested and are able to access the local file server with shortname.

    Monday, August 11, 2014 2:45 AM
  • Hi, I have also deployed DA on Server 2008 R2 but my client is facing the following issues:

    1. DA client can't access my file server or NAS drive

    2. DA client can't get the shared printer

    3. DA client is not able to ping any other systems except the DC, web server NLS and DirectAccess server.

    Hi, can you tell me whether your DirectAccess client is now able to do the following tasks:

    1. Able to access file server or NAS drive

    2. Able to access a shared folder, after sharing it from any system of the internal network

    3. Able to ping IPv4, or how to use a shared printer for a remote DA client in Windows Server 2008 R2



    pwnkmr

    Tuesday, March 24, 2015 10:20 PM
  • Hi,

    Please find my answers.

    1: Able to access file server or NAS drive

    Yes, we are able to access the file server. But there was latency because the traffic was going from GDC to the remote site where the server exists (DA client and file server on the same site). Due to the latency issue we decided to move the file server onto DMVPN and mapped the drives by IP address so that clients can directly access the shared folder without routing the traffic from GDC. We also mapped the shared drive by hostname so that they can access the shared folder while working from home, and in this case the traffic goes through the DA server.

    2: Able to access a shared folder, after sharing it from any system of the internal network

    Yes, we are able to access shared folders from servers hosted in GDC and RDC. However, for some servers we found that SMB port 445 was blocked between the DA server and the file server.

    3: Able to ping IPv4, or how to use a shared printer for a remote DA client in Windows Server 2008 R2

    Yes, we are able to ping the IPv4 address of the server in the same subnet, where only ADSL is present. We have created VLANs and blocked port 443 in DMVPN from the remote site to the GDC server so that clients will connect with DA to access internal resources. This DMVPN is also used to manage printers on remote sites.

    Since the server and clients are on the same subnet, it would be good to access printers and shared folders by the IP address of the file server so that communication wouldn't go through the DA server. However, the same is accessible by hostname.


    • Edited by achievers Wednesday, March 25, 2015 3:36 AM
    • Proposed as answer by pwnkmr Wednesday, March 25, 2015 9:57 PM
    Wednesday, March 25, 2015 3:35 AM
  • Thanks achievers, for your quick reply,

    1. As in answer no. 3 you said IPv4 is pinged by DA clients, I think you are using VPN with it.

    2. I am facing an issue: I have a shared folder on my DirectAccess server, but my DA client is not able to access it by its host name or any other type. But through the public IP the DA client is able to access it. So can you tell me where the issue is, because if the folder is being accessed by public IP it means SMB port 445 is allowed.

    3. What is the full form of DMVPN, GDC and RDC?

    Please reply


    pwnkmr

    Wednesday, March 25, 2015 9:26 PM
  • Hi,

    1. As in answer no. 3 you said IPv4 is pinged by DA clients, I think you are using VPN with it.

    We are using DMVPN to manage the printers from GDC (Global Data Center) in Europe. But since the file server and client are located in the same remote site, they can ping with IPv4. When pinging the server by NetBIOS name or FQDN, the traffic goes through the DA tunnel and results in high latency.
    Dynamic Multipoint Virtual Private Network (DMVPN) is a dynamic tunneling form of a virtual private network (VPN) supported on Cisco IOS-based routers.

    2. I am facing an issue: I have a shared folder on my DirectAccess server, but my DA client is not able to access it by its host name or any other type. But through the public IP the DA client is able to access it. So can you tell me where the issue is, because if the folder is being accessed by public IP it means SMB port 445 is allowed.

    If ports are open and you are able to access the folder with the public IP address of the DA server, then this should work with the hostname as well. Please try to access the folder with the server name you have registered with your ISP, i.e. DA.domain.com.

    3. What is the full form of DMVPN, GDC and RDC?

    Dynamic Multipoint Virtual Private Network (DMVPN) is a dynamic tunneling form of a virtual private network (VPN) supported on Cisco IOS-based routers.
    GDC:- Global Data Center
    RDC:- Regional Data Center

    Monday, March 30, 2015 8:01 AM