
Can Teredo for Microsoft DirectAccess work in the DMZ of an ASA 5510?

bswiento76
Level 1

I'd like to find some way to get Teredo to work with our DirectAccess implementation.  To do that, the external facing NIC on the DirectAccess server needs to be configured with a routable public IP address.

We have an ASA 5510 (running 8.3 (2)) that has switches on the Internal and DMZ interfaces, but connects directly to our Internet router through the External interface.

So, I do not have a switch that will allow me to connect our DA server directly to the edge.  Short of buying a new switch and putting it outside of the firewall, I wanted to see if there was a way to configure the ASA so that Teredo would work in the DMZ.

Our current DMZ has 2 Barracuda devices (spam and web filters) using static NAT objects.  The IPs are all 192.168.x.

Is there some way of getting the DirectAccess external interface to work in the DMZ with a public IP address (and our ISP's gateway) without mucking everything else up?  I've read about transparency mode, but I cannot figure out if that would affect our other devices.

Thanks in advance!

 

-Brad

3 Replies

bswiento76
Level 1

Forgive my ignorance (I'm a Windows server admin, not a network guy), but I just discovered that there are 4 interfaces on the ASA.  So we have interface 3 unused and not enabled.  I'm guessing there's some way that I could connect the server there?

Andre Neethling
Level 4

Hi. I'm not 100% sure... but I think with UAG Service Pack 1 or 2 you no longer require a publicly routable address for the external interface of the UAG server. You can now add the UAG server to your existing DMZ without affecting the addressing. Then you allow the Teredo tunneling traffic to the server.

HTH

DirectAccess will work behind a NAT device - but only using IP-HTTPS (which is slow). It's Teredo that requires the 2 public IP addresses -- even on Server 2012.
