directaccess and sep 12.1 RU1 RRS feed

  • Question

  • Hi, I've seen a very useful conversation regarding SEP and DirectAccess. At the end, David K Welch said:

    "We finally figured it out, in addition to the standard exclusions for IPv6, and IPSec, we had to add an exclusion for Ethernet Protocol 0x1111 and Ethernet Protocol 0x1112 (where 1111 and 1112 are last four digits of the public facing IPv6 addresses for the DA Server).  Apparently, when negotiating IPSec, the client negotiates its high ports based on the decimal conversion of the hex.  In my example here, the ports would be 4369 and 4370.  As you can imagine we had to dive pretty far into SEP to figure exactly what was going on.  Anyway, I hope this helps somebody figure this out more quickly that we did."

    It was really useful for us, but we would like to know which are the other rules absolutely needed. we have included some rules from different discussions out there, and when we added David's one, it started working. could I know the exact set of rules needed (the minimum).

    thanks and best regards,


    Monday, April 22, 2013 4:58 PM