DirectAccess - Accessing server outside Internal network

  • Question

  • All,

    I have an interesting problem that I am trying to solve.  Here is the scenario:

    We have outsourced our payroll to an external company, thus in order to access it you have to go to an external web server.  To keep folks from accessing the web server from outside our organization, the hosting provider put IP blocks on to only allow our enterprise IP space to be able to access it.

    Everything works great until you fire up a laptop and try to connect when Direct Access is running.  What happens is because we created a DNS alias internal to the company called payroll.contoso.com which is an A record pointing to the external hosting provider's server, Direct Access believes it's an internal address but when you look at the TMG logs it denies the connection.

    I thought an easy way to get around this is to simply add the external hosting provider's server IP into the Internal network setting within the UAG network interface configuration, but that didn't seem to help either.

    I would turn off split tunnelling for Direct Access which I assume would fix this problem, but we also use Office Communicator and Live Meeting which at the time of our implementation (Fall, 2010) were not supported/or working through Direct Access.

    Anyone have any thoughts on this?

    Thanks,

    Sam



    • Edited by SamEvans Wednesday, February 15, 2012 7:53 PM
    Wednesday, February 15, 2012 7:49 PM

All replies