Configuring DirectAccess on Windows Server 2012 R2

My setup is as follows: the DirectAccess server has 2 network cards; one goes to the Internet and one to the internal LAN.
The following ports are needed for DirectAccess to work:
                    Protocol 41
                    UDP 3544 inbound and outbound
                    TCP 443 inbound and outbound
This is running on my Windows Server 2012 R2 Hyper-V host! (Will get to this one later.)
Here we go!

Go on to Add / Remove Role.

Select Remote Access and click Next.

Select DirectAccess and VPN (RAS)

Click on Install

Watch the install process.

Once finished, click on Open the Getting Started Wizard.

Click on Deploy DirectAccess only.

The wizard checks a few things before starting.

As mentioned, my DA server is on the edge with 2 NICs (technically it’s behind TMG, but I have a few exceptions myself).
Input the public name or IPv4 address.

Click Finish; we will configure the rest in a bit.

It updates and creates configurations as well as 2 Group Policy objects, namely DirectAccess Client Settings and DirectAccess Server Settings.

Here’s the Dashboard after it has finished configuration and deployment.

Click on DirectAccess and VPN. As you can see, there are several possibilities here.
Step 1: Allowing client access: which groups and for whom, as well as the DA connection name.
Step 2: Where you select the network cards as well as the certificate and authentication type. (You will see it below.)
Step 3: A bit like NAP, i.e. where you say where your remediation servers are.
Step 4: End-to-end application.
Click Edit on Step 1.

Here we will select DA for Client and Remote Management.

Here, enter a support email and the DA connection name, and allow DA clients to use local name resolution.
Click Finish.

Here is what pops up, and it will go edit the GPO. Isn’t that super cool!

Now, the next step: before we check whether our clients can connect, we must run a gpupdate against the client and make sure it pulls the policies.

As you can see in the picture below, this is basically a VM at my house, with an Internet connection and the DA policy. (I have a VPN connection to the server so that it pulls the update, and the VM is joined to the domain.)

So there, it says connected!
That’s it!! You have DA working :)
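
The same client-side check from PowerShell, as an added example that is not part of the original post: it confirms the client GPO and its name resolution rules arrived after gpupdate, then reads the connection status and the state of the three transports behind the port list at the top. It assumes an elevated session on a domain-joined Windows 8.1 or later client; `da.example.com` is a placeholder for the public name entered in the wizard.

```powershell
# Added example, not from the original post. Run elevated on the domain-joined client.
# Assumes Windows 8.1 or later (Test-NetConnection is not available before that).
$PublicName = 'da.example.com'   # placeholder for the public name entered in the wizard

# 1. Pull computer policy, then look for the client GPO the wizard created.
#    gpresult also names GPOs that were filtered out, so treat this as a hint
#    and rely on step 2 as the confirming check.
gpupdate /target:computer /force | Out-Null
$gpoSeen = [bool](gpresult /r /scope:computer |
    Select-String -SimpleMatch 'DirectAccess Client Settings')

# 2. The client GPO delivers Name Resolution Policy Table (NRPT) rules that send
#    internal namespaces to the DirectAccess DNS server. No rules means no policy.
$nrptRules = @(Get-DnsClientNrptPolicy)

# 3. What the Network Connectivity Assistant reports (the "connected" in the picture).
$da = Get-DAConnectionStatus

# 4. Only TCP 443 (IP-HTTPS) can be probed with a TCP connect; UDP 3544 (Teredo)
#    and protocol 41 (6to4) are read from the local adapter state further down.
$https443 = (Test-NetConnection -ComputerName $PublicName -Port 443).TcpTestSucceeded

[pscustomobject]@{
    ClientGpoSeen   = $gpoSeen
    NrptRuleCount   = $nrptRules.Count
    DAStatus        = $da.Status
    DASubstatus     = $da.Substatus
    Tcp443Reachable = $https443
} | Format-List

$nrptRules | Format-Table Namespace, DirectAccessDnsServers -AutoSize

Get-NetIPHttpsState        # IP-HTTPS (TCP 443)
Get-NetTeredoState         # Teredo (UDP 3544)
Get-Net6to4Configuration   # 6to4 (protocol 41)

if (-not $gpoSeen -or $nrptRules.Count -eq 0) {
    Write-Warning 'DirectAccess client policy missing: check group membership and rerun gpupdate.'
}
```
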
Coming back to my DA server config, here’s what it looks like.

The 2 NICs, one Internet and one LAN (IPv6), and the certificate.

That’s the authentication :)