Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016

This topic describes how to configure the infrastructure required for enabling DirectAccess in an existing VPN deployment. Before beginning the deployment steps, ensure that you have completed the planning steps described in Step 1: Plan DirectAccess Infrastructure.

Task

- Configure the server network settings on the Remote Access server.
- Configure routing in the corporate network: Configure routing in the corporate network to make sure traffic is appropriately routed.
- Configure additional firewalls, if required.
- The Enable DirectAccess Wizard configures a built-in Kerberos proxy that authenticates using user names and passwords. It also configures an IP-HTTPS certificate on the Remote Access server.
- Configure DNS settings for the Remote Access server.
- Join client computers to the Active Directory domain.
- Configure GPOs for the deployment, if required.
- Configure security groups that will contain DirectAccess client computers, and any other security groups required in the deployment.
- The Enable DirectAccess Wizard configures the network location server on the DirectAccess server.

The following network interface settings are required for a single server deployment in an environment with IPv4 and IPv6. All IP addresses are configured by using Change adapter settings in the Windows Networking and Sharing Center.

- One Internet-facing public static IPv4 or IPv6 address.
- A single internal static IPv4 or IPv6 address.
- A single internal network-facing static IPv4 or IPv6 address.

In the event that the Remote Access server has two network adapters (one classified in the domain profile and the other in a public/private profile), but a single NIC topology will be used, then the recommendation is as follows:

- Ensure that the 2nd NIC is also classified in the domain profile - Recommended.
- If the 2nd NIC cannot be configured for the domain profile for any reason, then the DirectAccess IPsec policy must be manually scoped to all profiles using the following Windows PowerShell commands:

    # The quoted values in angle brackets are placeholders: the page's own values did not survive extraction.
    $gposession = Open-NetGPO -PolicyStore "<name of the server GPO>"
    Set-NetIPsecRule -DisplayName "<name of the IPsec policy>" -GPOSession $gposession -Profile Any
    # Write the modified GPO session back; without this the change is not saved.
    Save-NetGPO -GPOSession $gposession

Configure routing in the corporate network as follows:

- When native IPv6 is deployed in the organization, add a route so that the routers on the internal network route IPv6 traffic back through the Remote Access server.
- Manually configure organization IPv4 and IPv6 routes on the Remote Access servers.
- Add a published route so that all traffic with an organization (/48) IPv6 prefix is forwarded to the internal network.
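The recommendation above about network adapter profiles can be checked before changing any policy. The following read-only audit is an added example, not part of the original page or of Microsoft's documentation; `$ServerGpo` is a placeholder for the server GPO's policy store name, and the script is assumed to run in an elevated session on the Remote Access server.

```powershell
# Added example (not from the original page). Read-only: it changes nothing.
# $ServerGpo is a placeholder such as "<domain FQDN>\<name of the server GPO>".
param(
    [Parameter(Mandatory)]
    [string] $ServerGpo
)

# Connected adapters whose network category is not the domain profile.
$nonDomain = Get-NetConnectionProfile |
    Where-Object { $_.NetworkCategory -ne 'DomainAuthenticated' }

if (-not $nonDomain) {
    Write-Output 'All connected adapters are classified in the domain profile.'
    return
}

# IPsec rules stored in the server GPO, with the profiles each one applies to.
$rules = Get-NetIPsecRule -PolicyStore $ServerGpo

# Report every rule that does not apply on a non-domain adapter's profile.
$findings = foreach ($nic in $nonDomain) {
    $category = "$($nic.NetworkCategory)"           # 'Public' or 'Private'
    foreach ($rule in $rules) {
        $scopes = "$($rule.Profile)" -split ',\s*'  # e.g. 'Domain' or 'Any'
        if ($scopes -notcontains 'Any' -and $scopes -notcontains $category) {
            [pscustomobject]@{
                InterfaceAlias  = $nic.InterfaceAlias
                NetworkCategory = $category
                RuleDisplayName = $rule.DisplayName
                RuleProfile     = "$($rule.Profile)"
            }
        }
    }
}

if ($findings) {
    # Each row is a rule that will not apply on that adapter as currently scoped.
    $findings | Format-Table -AutoSize
} else {
    Write-Output 'Every IPsec rule in the GPO covers the non-domain adapters.'
}
```

Any row in the output identifies an adapter that should be moved to the domain profile or, failing that, a rule that needs `-Profile Any`.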