Basic DirectAccess requirements need to be met before you start thinking about setting up the infrastructure.

▪ Windows Server 2012 with the Unified Remote Access role enabled.
▪ Windows 7 clients for basic DirectAccess functionality.
▪ Windows 8 client for rich DirectAccess functionality (multisite support, remote domain join, and other new Windows 8 features).
▪ DirectAccess clients and servers must belong to a domain that contains the DirectAccess GPO objects that configure the DirectAccess clients and servers.
▪ A basic PKI to support certificate requirements for the DirectAccess server, DirectAccess clients, and Network Location Server.

The basic DirectAccess solution can be as simple as a single DirectAccess server with a single network interface which is configured with a private IP address and is located behind a NAT device. This basic setup will support only the IP-HTTPS protocol and does not support more advanced features such as multifactor authentication, multisite deployment, or high availability scenarios. This is designed for very small organizations that do not require enterprise levels of support and availability.

For details on planning a simple deployment, please see.

The more complex scenarios that require two-factor authentication, multisite access, and load-balanced arrays are going to require the same level of back-end planning and deployment that was required by the previous UAG version of DirectAccess. This means that you will need a fairly robust DNS and PKI infrastructure to support your DirectAccess solution. While planning and deployment will be much easier than it was with the previous Windows version of DirectAccess and even the UAG version (if you take into account how difficult it was to deploy multisite and multiple domains in the past), there is still a good deal of footwork required to get the infrastructure set up and stabilized before you even think about enabling the DirectAccess server and clients. There is a good review of the planning requirements for the enterprise setup of DirectAccess at. In addition, many of the same requirements existed for the UAG DirectAccess solution. There is a nice “Complete Guide to UAG DirectAccess” that can give you some additional insights into planning your infrastructure at.

Routing and remote access

Joey Alpern, in Microsoft Windows Server 2008 R2, 2010

Windows Server 2008 R2 includes Routing and Remote Access features to provide basic IPv4 and IPv6 routing as well as remote access services, such as VPN and dial-up. These access features allow remote users to connect to the corporate network and access network resources, such as file servers, print servers, and intranet Web sites. VPN and dial-up services can also be used to provide site-to-site connectivity within the corporate network. Additionally, you can use the routing features in Routing and Remote Access to create a router between two separate subnets. As you learned earlier in this chapter, networks are rarely composed of a single subnet and require a router to send traffic between subnets. Most organizations deploy dedicated router appliances to create this functionality, but Windows Server 2008 R2 Routing and Remote Access can be used to fulfill the same needs to route traffic between two separate logical subnets.

Installing Routing and Remote Access

For this section of the book a rather complex lab was needed so that setting up Routing and Remote Access could be fully documented. For this lab there are two different networks configured. The 10.5.0.0/24 subnet is configured as the local LAN which the Active Directory domain is running within. The 192.168.0.0/24 subnet is configured as the network which has Internet access. The router is configured using NAT to direct all network traffic which is used by the Point to Point Tunneling Protocol (PPTP) VPN to the 192.168.0.0 IP address which is configured on one of the network cards. The 10.5.0.0/24 network is not configured to have Internet access.

While Routing and Remote Access does not require an Active Directory domain, it is much easier to set up Routing and Remote Access when there is an Active Directory domain set up. In this network the Active Directory domain controller is configured with the IP Address 10.5.0.2.