Server 2012 Direct Access hosted on NAT server

  • Question

  • Morning all,

    I'm considering the following scenario:

    --------------------------------------

    A single machine with 2 NICs (1x External, 1x Internal) running Server 2012 with DirectAccess and RRAS configured on the same host. RRAS would have NAT to allow outbound routing for the clients, while DirectAccess would serve as client connectivity to the internal network for external machines. The idea is to have a single "Router" machine that also runs DA.

    --------------------------------------

    My question is whether this is possible :) My primary issue is that I don't have 2x public IP addresses; I have only one. I have successfully built a separate proof of concept using the standard scenario of Direct Access behind a NAT router, using IP-HTTPS and port forwarding 443 to the DA box. However, I cannot put it live as I already need port 443 for my Exchange ActiveSync/Webmail and had to disable this to steal the port for the proof of concept.

    I found that if you configure an RRAS NAT solution, then configure DA, it lets you set it all up and "claims" everything is working. But ofc it doesn't, and it seems fairly clear that the NAT firewall is preventing it from working as expected.

    If anyone has any thoughts on whether this is a supported configuration, ideas on how to force either ActiveSync or DA to use a different port instead of 443, or any other ideas... I would welcome a conversation on this.

    Cheers

    Monday, April 8, 2013 11:21 PM

Answers

  • Look at this: http://social.technet.microsoft.com/Forums/en-US/winserver8gen/thread/3a2be182-0af5-4bb5-a951-3f0f948bfa17/ You can change the port for DA to something other than 443. Hasan
    Wednesday, April 10, 2013 8:42 PM

All replies

  • My bad. I was working on the assumption people realised I wouldn't just have a DA server (which requires AD/DNS) without AD and DNS :)

    For clarification, I have an entire internal network, with AD, DNS, DHCP, WebServers, Exchange, etc. and am simply looking to consolidate my DA and Router into a single machine in order to try and get it all working on a single public IP address. I only have one, and as ActiveSync/WebMail publishing is already taking 443 on that IP, I can't use the DA simplified configuration of behind NAT with 443 forwarding. So I am looking to put the DA as edge so it doesn't need 443, and have the NAT router installed on it to also forward 443 to the Exchange server.

    I possibly wasn't clear. My mistake. Any ideas?

    Tuesday, April 9, 2013 8:31 AM
  • I don't want to be harsh, but what is the point of replying if you don't read the original post, or my reply to your first nonsensical post? Hyper-V will not provide any solution to my question. I know exactly what it is, and the fact that all the servers/roles I listed are already VMs running on Hyper-V is irrelevant. It has no effect on the scenario described.

    Again... I'm trying to establish if a DA server can sit on the edge *with* RRAS NAT installed on the same box to avoid having to publish 443 (like you do when it is *behind* a NAT device). I'm guessing not, because technically it is still behind NAT?

    Anyway I'm looking for anyone that has labbed it and/or found a way to make it work. Any suggestions welcome, but please don't post that I need DNS - that's not helping :) lol

    Tuesday, April 9, 2013 7:10 PM
  • /sigh... never mind. I'm not sure if this is a language barrier, but I think I'll just leave it there. Looks like no-one else has feedback to offer, and while I appreciate the time you have taken to respond, you are continuing to completely miss the point. It seems fairly clear you do not understand what I am asking and I have run out of ways to put it :)

    /peace.

    Wednesday, April 10, 2013 10:14 AM