Windows Server 2012 R2 DirectAccess Edge Traversal


I have a Windows Server 2012 R2 Standard server on the internal network with a single adapter, and have installed the "Remote Access" role, then the "DirectAccess and VPN (RAS)" role service.

I then used the "Run the Getting Started Wizard" and accepted the default/correctly detected "behind an edge device (with a single network adapter)".

Everything completed successfully.

The "Remote Access Dashboard" shows all green ticks.

NETSTAT shows...

C:\>netstat -a

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP            [servername]:0             LISTENING

... so the server is listening for IP-HTTPS on port 443.

My colleagues have configured network address translation from the public IPv4 address to the internal IPv4 address, and added a DNS record in the public DNS server.

GPRESULT shows the DirectAccess server has received and applied the "DirectAccess Server Settings" policy.

HOWEVER, if I try to test if the port is available on the Internet, for example using, then it is closed.

Similarly, telnet from an intranet client to the DirectAccess server's port 443 fails.

A closer look at "Windows Firewall with Advanced Security > Inbound Rules" shows rules called "Core Networking - IPHTTPS (TCP-In)" that are enabled and allow traffic. One appears to be "local", and one is from the "DirectAccess Server Settings" group policy. If I examine either rule, then look at the Advanced tab, there is an "Edge traversal" section, and both rules are set to "Block edge traversal".

I haven't seen references to this anywhere, except one or two references associated with 2008 R2.

Configure Packet Filters to Allow Management Traffic to DirectAccess Clients

I think that Edge Traversal should be enabled, but am surprised that it is not; there is no mention of this anywhere, and everything else appears to have been configured correctly.  Am I OK to enable it?

Is this because I deployed DirectAccess, before I had configured NAT and added the DNS record?

Thanks in advance.


November 26th, 2014 7:19am

This topic is archived. No further replies will be accepted.
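
As an added example (not part of the original post), this read-only PowerShell gathers the facts the post describes in one pass: the listener on TCP 443, the effective IP-HTTPS inbound rules with their edge traversal setting and where each rule comes from, and the active firewall profile. The `*IPHTTPS*` name filter is taken from the rule name quoted in the post; the host name in the last step is a hypothetical placeholder.

```powershell
# Added diagnostic example; run in an elevated PowerShell session on the DirectAccess server.
# Read-only: it changes no firewall or DirectAccess settings.
$port = 443

# 1. Is anything listening on TCP 443?
$listeners = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue
if ($listeners) {
    $listeners | Select-Object LocalAddress, LocalPort, State | Format-Table -AutoSize
} else {
    Write-Warning "Nothing is listening on TCP $port"
}

# 2. Effective (merged local + Group Policy) inbound rules whose name contains "IPHTTPS".
#    Assumption: the display names match the rule name quoted in the post.
$rules = Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound |
    Where-Object { $_.DisplayName -like '*IPHTTPS*' }

$report = foreach ($rule in $rules) {
    $portFilter = $rule | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Name          = $rule.DisplayName
        Enabled       = $rule.Enabled
        Action        = $rule.Action
        Profile       = $rule.Profile
        Protocol      = $portFilter.Protocol
        LocalPort     = $portFilter.LocalPort
        EdgeTraversal = $rule.EdgeTraversalPolicy    # Block / Allow / DeferToUser / DeferToApp
        SourceType    = $rule.PolicyStoreSourceType  # Local or GroupPolicy
        Source        = $rule.PolicyStoreSource      # name of the GPO or local store
    }
}
$report | Format-Table -AutoSize -Wrap

# 3. A rule only applies when its Profile includes the category of the active connection.
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory | Format-Table -AutoSize
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object Name, Enabled, DefaultInboundAction | Format-Table -AutoSize

# 4. From an intranet client, test the same port the telnet check used.
#    'da-server.example.internal' is a placeholder; substitute the server's name.
# Test-NetConnection -ComputerName 'da-server.example.internal' -Port $port
```

Comparing the `Profile` column in step 2 with the `NetworkCategory` in step 3 shows whether the allow rules are in force on the adapter at all, independent of the edge traversal value.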
