Remote Administration of External DirectAccess Clients

I've read conflicting articles about remote administration of external DA clients. One Technet blog here http://blogs.technet.com/b/edgeaccessblog/archive/2010/09/14/how-to-enable-remote-desktop-sharing-rds-rdp-from-corporate-machines-to-directaccess-connected-machines.aspx says:

"Because we use IPv6 in Direct Access, any corporate client that wants to communicate to the DirectAccess clients must have an IPv6 address.  We can set up either a real IPv6 addressing scheme or set up ISATAP, which does not require IPv6 aware routers, switches or hubs".

But then when I read anything about configuring DA anywhere else on Technet it says using ISATAP on the corporate network is not supported.

Confused???



  • Edited by broonster27 Thursday, August 20, 2015 2:55 AM
August 19th, 2015 11:39pm

Hi broonster27,

I have read the articles provided by you, the two articles are not inconsistent with each other. Forefront UAG supports ISATAP for direct access, but direct access provided by Windows server doesnt support ISATAP.

If forefront UAG is configured to use ISATAP, it is recommended to disable it in Windows server, and use NAT64 instead.

You may refer to the following link for more information about migrating from forefront UAG SP1 direct access to Windows server 2012:

https://technet.microsoft.com/en-us/library/hh831658.aspx

Best Regards,

Anne He

Free Windows Admin Tool Kit Click here and download it now
August 20th, 2015 9:32am

Ah, I didn't realise that page was a UAG one.

I'm already using Server 2012 R2 for DirectAccess which uses NAT64 by default so where does that leave me with remote administration. The UAG article says use ISATAP on the administration PCs but the Server 2012 R2 pre-reqs state I can't use ISATAP. Does this mean I must have a full IPv6 internal infrastructure to support remote administration?

August 20th, 2015 8:45pm

Ah, I didn't realise that page was a UAG one.

I'm already using Server 2012 R2 for DirectAccess which uses NAT64 by default so where does that leave me with remote administration. The UAG article says use ISATAP on the administration PCs but the Server 2012 R2 pre-reqs state I can't use ISATAP. Does this mean I must have a full IPv6 internal infrastructure to support remote administration?


*Bump*
Free Windows Admin Tool Kit Click here and download it now
August 25th, 2015 11:23pm

Hi booster27,

As far as I know, it do need a full IPv6 internal infrastructure to support remote adminstration.

Best regards,

Anne He

August 26th, 2015 1:08am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics