Has anyone here implemented Direct Access 2012?

Hi all,

I was wondering if we have any members on OCUK who have implemented Direct Access? I have a couple of questions, that's all.

Do you have the DA server in the DMZ with one adapter and the other on the local LAN?

How are you handling the certificates?
 
Surely you need one leg in the network though to be able to access the network once the connection is established?

And to make the connection you need..

A laptop joined to the domain
User credentials
TPM module
Certificate

And only if you tick all those boxes will you actually create the connection to the DA server?

What ports are you forwarding to the DA server? Is it just 443?
 
Thanks for the heads up.

I would want to use the virtual smart card as a form of two-factor authentication, and it prevents the certificate from potentially being moved.

The more I read the more complicated it gets if we want all the bells and whistles.

For a start I would want to use multi-site so that means I need a PKI server after all.

I guess most people can't use Teredo because they implement their DA server behind a NAT device, meaning only IP-HTTPS can be used. I suppose this saves the need for two public-facing IP addresses though.

How are you guys managing certificates?
 