04-21-2015 10:20 AM - edited 03-11-2019 10:49 PM
I'd like to find some way to get Teredo to work with our DirectAccess implementation. To do that, the external facing NIC on the DirectAccess server needs to be configured with a routable public IP address.
We have an ASA 5510 (running 8.3 (2)) that has switches on the Internal and DMZ interfaces, but connects directly to our Internet router through the External interface.
So, I do not have a switch that will allow me to connect our DA server directly to the edge. Short of buying a new switch and putting it outside of the firewall, I wanted to see if there was a way to configure the ASA so that Teredo would work in the DMZ.
Our current DMZ has 2 barracuda devices (spam and web filters) using static NAT objects. The IPs are all 192.168.x.
Is there some way of getting the DirectAccess external interface to work in the DMZ with a public IP address (and our ISP's gateway) without mucking everything else up? I've read about transparency mode, but I cannot figure out if that would affect our other devices.
Thanks in advance!
-Brad
04-21-2015 11:03 AM
Forgive my ignorance (I'm a Windows server admin, not a network guy), but I just discovered that there's 4 interfaces on the ASA. So we have interface 3 unused and not enabled. I'm guessing there's some way that I could connect the server there?
04-21-2015 11:21 AM
Hi. I'm not 100% sure.......... But I think With UAG service pack 1 or 2 you no longer require a publicly routatable address for the external interface of the UAG server. You can now add the UAG server to your existing DMZ without affecting the addressing. Then you allow the Teredo tunneling traffic to the server.
HTH
04-21-2015 11:25 AM
DirectAccess will work behind a NAT device - but only using IP-HTTPS (which is slow). It's Teredo that requires the 2 public IP addresses -- even on Server 2012.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide