locked
Direct Access Force tunneling RRS feed

  • Question

  • Hello All,

    I have a question regarding force tunneling in DA 2012. 

    I want to know whether we can force the traffic to go the internal proxy server for a particular website. I don't want to enable the force tunneling for all the traffic, just want to enable it for few site. 

    -Ashish

    Wednesday, April 15, 2015 8:14 PM

All replies

  • Hi,

    The force tunneling force all trafic to go  into the DirectAccess tunnels. DirectAccess operate at computer/user level, It does not operate at Proxy level.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    • Proposed as answer by BenoitSMVP Thursday, April 16, 2015 11:51 AM
    Thursday, April 16, 2015 11:51 AM
  • Hello There,

    As mentioned by other expert, we do not have a Interface via DA to do this.

    however you can achieve the same by editing GPO directly -- do not edit the GPO created by DA wizard directly, as it might get over written at the next Activation.

    Instead duplicate the DA's GPO and its security settings and edit them

    You can also check this out.

    https://social.technet.microsoft.com/Forums/forefront/en-US/d3c6fb5e-f006-45f4-ab7d-c0f720fc473f/directaccess-for-1-single-fqdn?forum=forefrontedgeiag

    • Edited by Vasu Deva Friday, April 17, 2015 11:38 AM
    Friday, April 17, 2015 11:37 AM
  • I have a further question in regards to force tunneling. I have configured the direct access 2012 to make use of the force tunneling and i have configured to make use of the internal proxy server. Now i want to add the exception for the site that have been hosted externally and we dont want to route the traffic through the DA tunnel for those particular site. I have added the exception entries in the NRTP table. But i still see the traffic flowing from the direct access tunnel? Is this the normal behavior? Or how can we setup the nrtp exception entries in force tunneling mode? we can't remove the force tunneling as it is a security requirement?

    -Ashish

     
    Thursday, July 9, 2015 8:24 PM
  • Hi,

    Force tunneling isolation mecanism rely on a GPO parameter in Computer configuration\Administrative Template\Network\Network connections\Route all traffic, ... If you overide it with a GPO of yours you may (not tested) be able to have NRPT exception working.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Friday, July 10, 2015 7:26 AM