Microsoft Forefront Edge Security Blogs

Every IT manager, when deciding on a strategy for deploying DirectAccess for their corporate users, has the following questions on their mind about IPv6:

By now, most of us know what DirectAccess is. For those who don’t, Direct Access is a revolutionary VPN technology which was introduced in Windows Server 2008 R2. It provides seamless connectivity to corporate resources without requiring any dial-up or VPN. DirectAccess connectivity is based on IPsec, IPV6, and transition technologies like Teredo, 6to4, IP-HTTPS, and ISATAP. In DirectAccess, the IPv6 traffic is encapsulated in an IPv4 packet and is then sent across the internet, after which the DirectAccess server reads the IPv6 headers and executes it.

In our previous post at http://www.nappliance.com/blog/nappliance-nuag-and-directaccess-better-together we highlighted how UAG and DirectAccess are better together and the benefits of connecting through the DirectAccess. In this post we will concentrate on the advantages DirectAccess has over the traditional VPN connectivity and why companies would want to move away from the VPN infrastructure.

Problem:

When trying to activate the configuration on a UAG server, you might find that the activation failed and you can see the following error messages in the status window:

Error: Applying Network Access Protection configuration failed.

Error: The UAG DirectAccess configuration cannot be activated

Microsoft UAG 2010 can be integrated with Windows NAP (Network Access Protection) to make sure that the computers comply with the IT policies before user’s login into the UAG portal. Windows Network Access Protection is part of Windows 2008 and 2008 R2 servers. No extra hardware or licensing is required to implement Microsoft NAP in an environment. Moreover, there are simple settings in UAG for integrating NAP to do policy enforcement.