[isalist] Re: Direct Access

  • From: Jerry Young <jerrygyoungii@xxxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Tue, 21 Jun 2011 14:07:37 -0400


This is more than just DirectAccess + TMG Server.  You have to ensure that
all of your internal network devices are not only IPv6 capable but are
configured to actively pass the traffic.  If you haven't already, you might
want to review the requirements for DirectAccess, which is outside of the
scope of the document you reference, prior to moving forward.  There are
also some feature and functionality that you lose when using TMG instead of
UAG, which I believe Microsoft actually prefers customers to use for
providing DirectAccess to their external users, the key one being access to
corporate legacy servers (or applications - not all of them work with IPv6)
over IPv4.

That being said, I think you're out of luck as TMG doesn't accept or pass
IPv6 traffic.  The steps which are required to "trick" it into doing so
*must* be done prior to its installation, I believe.

On Tue, Jun 21, 2011 at 1:29 PM, Rob Moore <RMoore@xxxxxxxx> wrote:

> My boss has decided that getting Direct Access up and running is very high
> priority. I’ve recently gotten rid of the last of our Win 2003 DCs and
> raised the functional level of our domain to 2008 R2. So now I’m ready to
> try to get Direct Access to work. So I just now downloaded an article
> published to the isaserver.org website (
> http://www.isaserver.org/tutorials/Microsoft-Forefront-TMG-How-configure-Forefront-TMG-DirectAccess-Server.html)
> about configuring TMG as a Direct Access server. Of course the first thing
> it had to say was that you’ve got to install Direct Access BEFORE installing
> TMG. And of course TMG is already on the server in question and is in
> production.****
> ** **
> So, is there a way to move forward, putting Direct Access onto an
> in-production TMG server?****
> ** **
> Thanks,****
> Rob****
> ** **
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=****
> Rob Moore****
> Network Manager****
> 215-241-7870****
> Helpdesk: 800-500-AFSC****
> ** **

Cordially yours,
Jerry G. Young II, CISSP
Microsoft Certified Systems Engineer
Young Consulting & Staffing Services Company - Owner

Other related posts: