locked
Direct Access 2012 and SCCM RRS feed

  • Question

  • Can we use SCCM end point protection to protect the clients that are connected over direct access 2012? I also want to what all we have to configure on direct access to make it work? Do we need to configure ISATAP if we want to push the SCCM end point protection updates to client customers that are connected over direct access?
    Thursday, October 1, 2015 2:28 PM

All replies

  • Hi

    If you want to connect to SCCM agents located on DirectAccess clients connected on Internet you must have IPv6 routing from end to end. By default, you have this routing from your DirectAccess Gateway to your DirectAccess client. If you want to initiate communication rom another internal server, you need to have IPv6 routing from that server. Most easiest way to acheive this is to use ISATAP. It's a little bit old as it was UAG times but have a look at this excellent post from Jason Jones : http://blogs.technet.com/b/jasonjones/archive/2013/04/19/limiting-isatap-services-to-directaccess-manage-out-clients.aspx


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    • Proposed as answer by BenoitSMVP Friday, October 2, 2015 12:59 PM
    Friday, October 2, 2015 12:58 PM
  • At last if You SCCM agent is initiating communication to get the updates, you don't need ISATAP. You only need ISATAP if you wan't to establish communication from internal network to DirectAccess clients located on Internet.

    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Friday, October 2, 2015 12:59 PM