DirectAccess - 2 Nics in 2 Subnets: What to do with Gateways?

  • Question

  • I am trying to set up DirectAccess with a server that has 2 NICs. One in the DMZ and one in the LAN.

    Let's start here - is this the recommended setup?

    If so, I will need to set a gateway on one of the NICs as you can't do both. Got that. I am assuming that the gateway should be set on the DMZ NIC and then use a static route to get traffic on the LAN NIC into the network as needed.

    Is this correct?  Would you recommend I do something different?  Thoughts?

    Tuesday, May 7, 2013 7:57 PM

Answers

  • Hi,

    Another word for gateway is default route. Default route is the route that a client uses when it doesn't have any specific route. You probably know this, but I want to be totally clear.

    It is impractical (but possible) to add a route for every subnet on the Internet. This isn't nearly as difficult to do for every subnet on a LAN. Therefore, the default route is normally configured to be the interface where you want to send traffic intended for the Internet (toward the DMZ).

    I'm not very familiar with DA but according to http://technet.microsoft.com/en-us/library/jj574101.aspx a dual homed approach is valid. FYI, this topic also recommends you use the external facing (DMZ) interface for the default route.

    -Greg



    Wednesday, May 8, 2013 6:20 AM
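
The layout discussed in this thread (default route on the DMZ NIC, static routes on the LAN NIC) could be applied and checked as follows. This is an added example, not part of the original posts; the interface aliases `DMZ` and `LAN`, the next-hop address and the internal prefixes are constructed placeholders to replace with your own values.

```powershell
# Assumed (hypothetical) names and addresses; replace with your own.
$ExternalAlias    = 'DMZ'                            # NIC facing the DMZ / Internet
$InternalAlias    = 'LAN'                            # NIC facing the corporate network
$InternalNextHop  = '10.10.1.1'                      # constructed: router reachable on the LAN NIC's subnet
$InternalPrefixes = '10.10.0.0/16', '10.20.0.0/16'   # constructed: internal subnets behind that router

# 1. Only the external NIC may carry the IPv4 default route (0.0.0.0/0).
$defaults = @(Get-NetRoute -AddressFamily IPv4 -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue)
foreach ($r in $defaults | Where-Object { $_.InterfaceAlias -ne $ExternalAlias }) {
    Write-Warning "Removing default route via $($r.NextHop) on '$($r.InterfaceAlias)'"
    Remove-NetRoute -DestinationPrefix '0.0.0.0/0' -InterfaceAlias $r.InterfaceAlias `
                    -NextHop $r.NextHop -Confirm:$false
}
if (-not ($defaults | Where-Object { $_.InterfaceAlias -eq $ExternalAlias })) {
    Write-Warning "No default route on '$ExternalAlias'; set the gateway on that NIC."
}

# 2. Static routes for the internal subnets, sent out of the LAN NIC.
foreach ($prefix in $InternalPrefixes) {
    $existing = Get-NetRoute -DestinationPrefix $prefix -InterfaceAlias $InternalAlias `
                             -ErrorAction SilentlyContinue
    if (-not $existing) {
        New-NetRoute -DestinationPrefix $prefix -InterfaceAlias $InternalAlias `
                     -NextHop $InternalNextHop | Out-Null
    }
}

# 3. List every route that uses a next hop, grouped by NIC, for review.
Get-NetRoute -AddressFamily IPv4 |
    Where-Object { $_.NextHop -ne '0.0.0.0' } |
    Sort-Object InterfaceAlias, DestinationPrefix |
    Format-Table DestinationPrefix, NextHop, InterfaceAlias, RouteMetric -AutoSize
```

Run it from an elevated PowerShell session on the dual-homed server. In the final table, the only `0.0.0.0/0` entry should be on the external NIC, and each internal prefix should point at the LAN-side next hop.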