
Microsoft Direct Access experience ?

Anyone have any feedback on using MS Direct Access for Win 7 laptops and 2008 servers?

My support team is about to start a Win 7 upgrade for all desktops and are asking to use MS DA to replace our existing Cisco VPN solution. We are an IPv4 network outside and inside currently and are at least 2 - 3 years away from that changing. Looking for feedback as I have gone over the design and it's fairly complex given the IPv6 - IPv4 translations that need to happen.

The design also calls for a Win 2008 server with 2 interfaces to traverse our corporate firewall. One connection on the outside and one on the inside. This design just doesn't seem secure to me.

Any feedback would be appreciated.




Microsoft Direct Access experience ?

I was looking into this recently as I was on a customer site and they were attempting to implement it without any thought whatsoever.  I would say you don't need to traverse the corporate firewall but you do need two consecutive public IPv4 addresses on the DirectAccess Server (or IPv6 addresses if you have this).  You obviously can't NAT these addresses so they physically need to be configured on External NICs on the server.  These can still be behind a firewall though, just not NAT'd.

From a security perspective it depends on how secure you think Windows 2008R2 & your AD is? In effect it's as secure as using Windows RRAS as your VPN terminating device but without the massive headache (sarcastic) of initiating a VPN connection. Once it is set up it should be seamless for the Windows 7 clients.

