This forum is closed. Thank you for your contributions.

Remove From My Forums

Direct Access 2012 and SCCM

Question
0

Sign in to vote

Can we use SCCM end point protection to protect the clients that are connected over direct access 2012? I also want to what all we have to configure on direct access to make it work? Do we need to configure ISATAP if we want to push the SCCM end point protection updates to client customers that are connected over direct access?

Thursday, October 1, 2015 2:28 PM

All replies

0

Sign in to vote
Hi

If you want to connect to SCCM agents located on DirectAccess clients connected on Internet you must have IPv6 routing from end to end. By default, you have this routing from your DirectAccess Gateway to your DirectAccess client. If you want to initiate communication rom another internal server, you need to have IPv6 routing from that server. Most easiest way to acheive this is to use ISATAP. It's a little bit old as it was UAG times but have a look at this excellent post from Jason Jones : http://blogs.technet.com/b/jasonjones/archive/2013/04/19/limiting-isatap-services-to-directaccess-manage-out-clients.aspx
BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx
- Proposed as answer by BenoitSMVP Friday, October 2, 2015 12:59 PM
Friday, October 2, 2015 12:58 PM
0

Sign in to vote

At last if You SCCM agent is initiating communication to get the updates, you don't need ISATAP. You only need ISATAP if you wan't to establish communication from internal network to DirectAccess clients located on Internet.
BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

Friday, October 2, 2015 12:59 PM