I've never configured it when IPv6 tunneling wasn't available (read: I've only done this in my lab), but the documentation says that if 6to4 or Teredo is blocked, then DirectAccess falls back to SSL VPN: "If a firewall or proxy server prevents the client computer using 6to4 or Teredo from connecting to the DirectAccess server, the client automatically attempts to connect using the IP-HTTPS protocol, which uses a Secure Sockets Layer (SSL) connection to ensure connectivity."
Why is IPSec better than SSL? Because it provides end-to-end or end-to-edge authentication and validation, not just server validation. -----Original Message----- From: Brian Desmond [mailto:[email protected]] Sent: Wednesday, March 18, 2009 12:19 PM To: NT System Admin Issues Subject: RE: Curiosity: Microsoft DirectAccess I *think* based on the limited knowledge I have of this feature that it's depending on IPv6 features which are IPSec based. It works over IPv4 but fundamentally is v6 based/dependent. Thanks, Brian Desmond [email protected] c - 312.731.3132 -----Original Message----- From: Micheal Espinola Jr [mailto:[email protected]] Sent: Wednesday, March 18, 2009 11:14 AM To: NT System Admin Issues Subject: Curiosity: Microsoft DirectAccess http://technet.microsoft.com/en-us/network/dd420463.aspx The curious part to me is that this new "VPN" solution - although not calling itself a VPN - uses IPSec, while a majority of the remote access industry is moving toward SSL encryption. -- ME2 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
