
End-to-end Access Example

Updated: October 1, 2009

Applies To: Windows 7, Windows Server 2008 R2

Important
This topic describes design considerations for DirectAccess in Windows Server 2008 R2. For the design considerations of DirectAccess in Microsoft Forefront Unified Access Gateway (UAG), see the Forefront UAG DirectAccess Design Guide (http://go.microsoft.com/fwlink/?LinkId=179988).

End-to-end access removes the infrastructure and intranet tunnels to the DirectAccess server. All intranet traffic is end-to-end between DirectAccess clients and intranet application servers and is encrypted with Internet Protocol security (IPsec). In this configuration, the DirectAccess server is no longer terminating IPsec tunnels. It is acting as a pass-through device, allowing the IPsec-protected traffic to pass between the DirectAccess client and the application servers. A component of the DirectAccess server, known as IPsec Denial of Service Protection (DoSP), monitors the IPsec traffic to help prevent malicious users on the Internet from launching DoS attacks against intranet resources.

The following figure shows an example of end-to-end access.

[Figure: example of end-to-end access]

The DirectAccess client and intranet application servers should be configured to perform IPsec peer authentication using computer credentials and to protect the traffic with Encapsulating Security Payload (ESP) for data confidentiality (encryption) and integrity.
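The following netsh script is an added example, not part of the original topic, showing one way to express this requirement as a transport-mode connection security rule on a DirectAccess client. The rule name, the intranet IPv6 prefix, the root CA name and the choice of certificate-based computer authentication are assumptions to replace with your own values.

```bat
@echo off
rem Added example, not from the original topic. Run from an elevated prompt.
rem Placeholder values (assumptions): rule name, intranet IPv6 prefix, root CA.
set "RULE=E2E-Intranet-ESP"
set "INTRANET=2001:db8:1::/48"
set "ROOTCA=DC=com, DC=example, CN=Example Root CA"

rem Transport-mode rule for traffic between this client and the intranet prefix:
rem   action=requireinrequireout   no unauthenticated traffic in either direction
rem   auth1=computercert           peer authentication with computer credentials
rem   qmsecmethods=esp:sha1-aes128 ESP with integrity (SHA-1) and encryption (AES-128)
rem An offer such as esp:sha1-none gives integrity only and does not meet the
rem confidentiality requirement stated above.
netsh advfirewall consec add rule name="%RULE%" ^
    endpoint1=any endpoint2=%INTRANET% ^
    mode=transport action=requireinrequireout ^
    auth1=computercert auth1ca="%ROOTCA%" ^
    qmsecmethods=esp:sha1-aes128

rem Check 1: confirm the stored rule carries the intended authentication
rem and quick mode settings.
netsh advfirewall consec show rule name="%RULE%" verbose

rem Check 2: after connecting to an intranet application server, list the
rem quick mode security associations and confirm ESP encryption was negotiated.
netsh advfirewall monitor show qmsa
```

The intranet application servers need a rule with matching authentication and quick mode settings, otherwise negotiation fails and `requireinrequireout` blocks the connection.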

© 2014 Microsoft. All rights reserved.