Direct Access clients managing Direct Access Clients

  • Question

  • Hi Everyone,

     

    Does anybody allow DA clients to DA clients? For example, if an IT support guy is at his home and the CEO is at home, do you allow the IT support guy to connect directly to the CEO’s laptop for file share, RDP, etc.? Or do you make the IT support guy use an internal system to support?

     

    I'm wondering if it’s a good option and, if so, what remote addresses did you add to your Inbound Rules to limit the access?


    Regards, Blair Muller Check Out My Blog: http://blair-muller.blogspot.com/
    • Edited by Blair Muller Wednesday, December 7, 2011 1:19 AM
    Wednesday, December 7, 2011 1:18 AM

All replies

  • For simpler management I personally would go for an internal RDP server and use that for remote management (e.g. IT support connects via DA, logs on to the RDP server and helps out the CEO...).

    Do note that if you are using "manage-out" you need to deploy IPv6 on the internal network, either natively or via transition technology (ISATAP).


    Hth, Anders Janson Enfo Zipper
    Wednesday, December 7, 2011 9:25 AM
  • Yeah, I have done this with colleagues for a few customer demos (both of us on site using DA at the same time).

    Both clients should be using the same /49 prefix for their source IPv6 address as generated by UAG during install. If you use this prefix as the remote address on the Windows Firewall rules, it should include all DA clients and any internal clients using ISATAP too. 

    This is worth a read too: http://technet.microsoft.com/en-us/library/ee809083.aspx

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Thursday, December 8, 2011 4:45 PM
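
The prefix-scoped inbound rule described in the reply above, as an added example that is not part of the original thread: it creates RDP and SMB allow rules limited to the DirectAccess prefix, then lists any inbound rule on those ports that is still open to any remote address. Assumptions: the NetSecurity cmdlets (Windows 8 / Server 2012 or later), an elevated session, the Private and Public profiles, and a placeholder prefix that must be replaced with the /49 UAG generated; the rule names and the `Get-UnscopedInboundRule` helper are hypothetical.

```powershell
# Added example. Needs the NetSecurity module and an elevated session.
# $DaPrefix is a PLACEHOLDER from the IPv6 documentation range; substitute
# the /49 prefix that UAG generated for your deployment.
$DaPrefix = '2001:db8:1234:8000::/49'
$Ports    = '3389', '445'   # RDP and SMB, the services named in the question

# 1. Allow rules scoped to the DA prefix only (profile choice is an assumption).
foreach ($port in $Ports) {
    New-NetFirewallRule -DisplayName "DA manage-out TCP $port (example)" `
        -Direction Inbound -Action Allow -Protocol TCP -LocalPort $port `
        -RemoteAddress $DaPrefix -Profile Private, Public | Out-Null
}

# 2. Audit: enabled inbound allow rules on those ports whose remote scope is
#    still "Any". Such a rule admits everyone and makes the scoped rules moot.
function Get-UnscopedInboundRule {
    param([string[]]$Port)
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        ForEach-Object {
            $pf  = $_ | Get-NetFirewallPortFilter
            $af  = $_ | Get-NetFirewallAddressFilter
            $hit = @($pf.LocalPort) | Where-Object { $Port -contains $_ }
            if ($pf.Protocol -eq 'TCP' -and $hit -and
                $af.RemoteAddress -contains 'Any') {
                [pscustomobject]@{
                    Rule          = $_.DisplayName
                    Profile       = $_.Profile
                    LocalPort     = $pf.LocalPort -join ','
                    RemoteAddress = $af.RemoteAddress -join ','
                }
            }
        }
}

Get-UnscopedInboundRule -Port $Ports | Format-Table -AutoSize
```

Rules returned by the audit step can be narrowed with `Set-NetFirewallRule -RemoteAddress` or disabled, so that only the prefix-scoped rules admit RDP and SMB.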
  • Thanks Jason, I will have a look into it and let you know how I go. 
    Regards, Blair Muller Check Out My Blog: http://blair-muller.blogspot.com/
    Thursday, December 8, 2011 9:47 PM