Forum Discussion
Josh_41258
Nimbostratus
NimbostratusDirectAccess 2012?
I'm wondering if anyone here has successfully deployed DirectAccess 2012 behind BIG-IP?
http://www.f5.com/pdf/white-papers/microsoft-direct-access-white-paper.pdf
We are trying to configu...
Amit_Bhatnagar_Nimbostratus
NimbostratusHi, I am using the exact configuration. Unfortunately, the Clients stop connecting when I enable ELB. The Servers are pointing the internal IP of F5 as DG. Also, one thing that I am confused about is where to use the VIP which is created at the time of DA ELB Wizard. I have four Servers with 10.20.4.41, 42,43,44 and when I run the Load Balancing Wizard, it upgrades the 41 IP as VIP and I have to use 45 as the DIP but since F5 only requires the Self IP, where exactly do I use this IP. Also, I am trying to search for http://www.f5.com/pdf/white-papers/microsoft-direct-access-white-paper.pdf but it is not available anywhere. I am using Performance L4 profile.
Martijn_65080Cirrus
Internal VIP does not need to be configured on the Internal side on the F5. If you don't do managed out, 6to4 will be used from client to internal resources if you have an IPv4 internal network. So client traffic will get NATted behind the DA servers internal IPv4 addresses. If you use Native V6 in your internal network then a VIP is also not required. If you choose a /59 IPHTTPS client prefix in your config all DA servers will get their own ipv6 subnet applied for IPHTTPS clients. You can then use native routing for the IPV6 subnets to the DA servers. What scenario did you pick when running the wizard ? Single Interface behind edge device ? Martijn Strange part about all this is that the Loadbalancing wizard requires you to set DIP and VIP addresses. The only VIP i know off that is used is the Internal IPv6 address. This address is used as the 6to4 DNS server address. You can find it in the local FW config on the servers. Rule Domain Name Server TCP and UDP in. This adress will also be sent to the clients to do their DNS64 resloving.
