Route to external private link via direct access

  • Question

  • Hi

    We have DirectAccess 2012 R2 running in the environment with split tunneling over IP-HTTPS. All is good, but I am trying to achieve one more task.

    We have many private dedicated WAN links to different clients to access some applications like Citrix etc. While workstations are in the office, they can access all those applications, as all traffic goes to a default router and the router can route the application traffic over the private link. Clients get the IP using internal DNS. I have made a DNS zone for applications. For example, our domain is test.com.au, an application is located over the private link, and the DNS zone is like app.client.com.au.

    When people take their workstations home, they are unable to access the apps. Is there a way I can publish DNS records to workstations while they are outside the corporate network and route the traffic via the IPsec tunnels and then over to the private link?

    Thanks for help.


    Sunday, June 19, 2016 3:46 AM

All replies

  • Hi,

    You just need name resolution for DirectAccess clients. You should include NRPT entries using Step 3 on the DirectAccess Gateway. With this configuration, DirectAccess clients will request name resolution from the DNS64. Once name resolution is OK, NAT64 will do the job.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Sunday, June 19, 2016 11:02 AM
  • Hi

    Thanks for the response. I have added the entry but still cannot access it. And just for information, the app I am trying to access is not in the internal network but outside (over the WAN via a private link); would DA re-route the traffic outside of the internal network?

    I have attached a sample diagram which will show what I am trying to achieve

    So that is what I am trying to achieve. As the app is not on the internal network, when clients are inside (client1 PC), they can access the third-party app (10.1.1.1), but from outside I cannot via client2.

    Thanks again for the help.

    Monday, June 20, 2016 4:18 AM
  • Hi,

    If it's a routable network from the internal interface of the DirectAccess Gateway, it should work. We only need name resolution. Can you see the new NRPT entries using NETSH NAMESPACE SHOW POLICY on a DirectAccess client?


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Monday, June 20, 2016 8:15 AM
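A PowerShell check for the two conditions BenoitS's replies rest on (an NRPT rule on the client sending the application suffix to the DA DNS64 server, and a route to 10.1.1.1 out of the gateway's internal interface), as an added example that is not part of the thread. The suffix and address are the ones the poster mentioned; the cmdlet usage assumes the standard DnsClient and NetTCPIP modules on Windows 8.1 / Server 2012 R2 and later.

```powershell
# Added example, not from the thread. Checks the preconditions the replies name:
# (1) the DirectAccess client has an NRPT rule for the application suffix that points
#     at the DA DNS64 server, and (2) the app subnet is routable from the DA gateway.
# '.app.client.com.au' and 10.1.1.1 come from the thread and are placeholders here.

# --- Run on a DirectAccess client (PowerShell view of NETSH NAMESPACE SHOW POLICY) ---
function Test-DaNrptEntry {
    param(
        [string]$Namespace = '.app.client.com.au',  # NRPT namespaces carry a leading dot
        [string]$TestName  = 'app.client.com.au'    # a name inside that suffix
    )
    # -Effective shows the merged policy the client actually applies (GPO plus local).
    # Step 3 of the Remote Access Setup wizard writes this rule; the gateway-side
    # equivalent is Add-DAClientDnsConfiguration -DnsSuffix <suffix> -DnsIPAddress <DNS64>.
    $rule = Get-DnsClientNrptPolicy -Effective |
            Where-Object { $_.Namespace -eq $Namespace }
    if (-not $rule) {
        return [pscustomobject]@{ Namespace = $Namespace; RuleFound = $false; Dns64 = $null; AAAA = $null }
    }
    # Ask for AAAA only: DNS64 synthesises an IPv6 answer for an IPv4-only host such as
    # 10.1.1.1, and NAT64 on the gateway translates traffic sent to that address.
    $aaaa = Resolve-DnsName -Name $TestName -Type AAAA -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'AAAA' } | Select-Object -ExpandProperty IPAddress
    [pscustomobject]@{
        Namespace = $Namespace
        RuleFound = $true
        Dns64     = ($rule.DirectAccessDnsServers -join ',')  # must be the DA DNS64 address
        AAAA      = ($aaaa -join ',')  # empty means the query never reached DNS64
    }
}

# --- Run on the DirectAccess gateway ---
function Test-DaInternalRoute {
    param([string]$AppAddress = '10.1.1.1')  # third-party app behind the private WAN link
    # Find-NetRoute reports the interface and next hop the gateway would use for the
    # app address; it must be the internal interface, not the Internet-facing one.
    Find-NetRoute -RemoteIPAddress $AppAddress |
        Where-Object { $_.DestinationPrefix } |
        Select-Object InterfaceAlias, NextHop, DestinationPrefix
}

Test-DaNrptEntry
Test-DaInternalRoute
```

If RuleFound is true but AAAA is empty, the client's queries for that suffix are not reaching DNS64 (tunnel not up, or DNS64 address wrong in the rule); if the route shows the external interface or no next hop, the gateway cannot forward to the private link regardless of name resolution.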