I have 2 Windows 2012 DirectAccess servers: 1 at a primary site and 1 at a secondary site. I want to be able to setup a "manage out" scenario for a few DirectAccess clients. How would I do this in a multisite environment if Microsoft recommends native IPv6 instead of ISATAP? I haven't been able to find any documentation on how to do this when two sites are involved. Any help is appreciated. 

Thanks,

Chris

Hi,

To be clear, Microsoft does not recommand to generalize ISATAP on your internal network but you can perform a limited deployment as described here : http://blogs.technet.com/b/jasonjones/archive/2013/04/19/limiting-isatap-services-to-directaccess-manage-out-clients.aspx. Jason also described a native IPv6 scenario here http://blogs.technet.com/b/jasonjones/archive/2013/04/02/windows-server-2012-directaccess-manage-out-using-native-ipv6.aspx but not applicable to multisite and HLB deployments.

Thanks. I'm aware of the limited deployment scenario and how to set it up for a single site. I just need to know how it would be done with 2 sites involved. Does each server need an ISATAP router installed with DNS entries pertaining to each site or can this only be installed at one site? 

Hi

With two sites, ISATAP is not recommanded because an ISATAP client (helpdesk PC for eg) is client of one ISATAP router that is linked to a site, so a DirectAccess Gateway. If DirectAccess client that need to be managed-out is not connected to the same site, it will not work. That's why Native IPv6 would be a better approach.