DirectAccess over VPN?

Hi all,

My client's scenario is a little bit odd. They have two networks: one for the server LAN and one for the user LAN. Both networks have no Internet connection. The networks are totally segregated. The domain-joined machines in the user LAN can only connect to the server LAN via DirectAccess. This part should be fine.

However, the client has some special laptops which allow users to take them home. They need to dial into the user LAN with a special hardware VPN first, and then connect to the server LAN via DirectAccess. In this case, will DirectAccess still work? I mean DirectAccess over VPN. Will this work, or will this be supported?

I suspect this will not work because once DA detects it is outside of the server LAN, the DA adapter will become active. Then the routing changes and will affect the VPN connection in the end, and the user cannot connect at all.

Thanks,

William

July 3rd, 2015 11:31am

That would be my guess as well. I have not had luck getting DirectAccess to play well with other VPN solutions. Once the machine connects to the other VPN, your NLS site will probably not be reachable any more. DirectAccess will think it's off the network and enable the private firewall profile, which will enable the tunnels and switch the name resolution policy table to enabled, which can cause both VPNs to fail and put the machine into a broken state.

To get around this problem in our environment, we made a route from our other VPN solutions to the NLS site so it is reachable when connecting to our other VPNs. This way DirectAccess will think it's on site and not turn on.

July 6th, 2015 2:49pm
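The reply above ties the DirectAccess decision to three observable things on the client: whether the NLS URL answers over HTTPS, which firewall profile the active networks landed in, and whether the DirectAccess NRPT rules are in effect. The read-only PowerShell check below is an added example for verifying those on a laptop after the hardware VPN is up; it is not a script from the thread or from Microsoft. The NLS URL and the interface names are hypothetical placeholders and must be replaced with the values from your own DirectAccess GPO (the NLS FQDN also appears as an NRPT exemption in Get-DnsClientNrptPolicy output).

```powershell
<#
  Added example (not part of the original thread).
  Run on a DirectAccess client after the hardware VPN is connected to see
  whether the client still looks "inside" (NLS reachable, DomainAuthenticated
  profile, DA tunnels idle) or has flipped to "outside".
  $NlsUrl is a hypothetical placeholder; take the real URL from your DA GPO.
#>
param(
    [string]$NlsUrl = 'https://nls.corp.example/',   # hypothetical NLS URL
    [int]$TimeoutSec = 5
)

function Test-NlsReachable {
    param([string]$Url, [int]$TimeoutSec)
    try {
        # The DA client does an HTTPS GET and requires a trusted certificate;
        # a certificate error here fails the same way it would for DirectAccess.
        $r = Invoke-WebRequest -Uri $Url -UseBasicParsing -TimeoutSec $TimeoutSec -ErrorAction Stop
        [pscustomobject]@{ Url = $Url; Reachable = $true;  Detail = "HTTP $($r.StatusCode)" }
    } catch {
        [pscustomobject]@{ Url = $Url; Reachable = $false; Detail = $_.Exception.Message }
    }
}

function Get-NlsRouteInfo {
    # Which interface the NLS address is routed over. With the fix described in
    # the reply (a route from the VPN to the NLS), this should be the VPN adapter.
    param([string]$Url)
    $nlsHost = ([uri]$Url).Host
    $ips = Resolve-DnsName -Name $nlsHost -ErrorAction SilentlyContinue |
           Where-Object { $_.IPAddress } |
           Select-Object -ExpandProperty IPAddress
    foreach ($ip in $ips) {
        $via = Find-NetRoute -RemoteIPAddress $ip -ErrorAction SilentlyContinue |
               Select-Object -First 1 -ExpandProperty InterfaceAlias
        [pscustomobject]@{ NlsHost = $nlsHost; IPAddress = $ip; RoutedVia = $via }
    }
}

'--- NLS reachability ---'
Test-NlsReachable -Url $NlsUrl -TimeoutSec $TimeoutSec | Format-List
Get-NlsRouteInfo -Url $NlsUrl | Format-Table -AutoSize

'--- Network profiles (NLS reachable should give DomainAuthenticated, not Private/Public) ---'
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, Name, NetworkCategory |
    Format-Table -AutoSize

'--- DirectAccess client status (ConnectedLocally means DA stayed off) ---'
try {
    Get-DAConnectionStatus -ErrorAction Stop | Format-List
} catch {
    "Get-DAConnectionStatus not available: $($_.Exception.Message)"
}

'--- Effective NRPT rules: DA rules carry DirectAccessDnsServers; the NLS entry is an exemption without them ---'
Get-DnsClientNrptPolicy -Effective |
    Select-Object Namespace, DirectAccessDnsServers, NameServers |
    Format-Table -AutoSize
```

Read the output together: NLS reachable over the VPN adapter, every profile DomainAuthenticated, status ConnectedLocally and no DA namespaces in the effective NRPT is the state the reply is aiming for. NLS unreachable, a Private or Public profile on the VPN adapter and DA namespaces present in the effective NRPT is the "thinks it's off the network" state that breaks both connections.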

