5/05/2012

DirectAccess Requirements


DirectAccess requires the following:
• One or more DirectAccess servers running Windows Server 2008 R2 (with or without
UAG) with two network adapters: one that is connected directly to the Internet and one that is
connected to the intranet (or to the DMZ). DirectAccess servers must be members of an AD DS domain.
• On the DirectAccess server, at least two consecutive, public IPv4 addresses assigned to
the network adapter that is connected to the Internet.

(Why two consecutive IPv4 addresses?

1: Teredo is a bridging mechanism designed to allow IPv6 traffic to be sent over an IPv4 network. Teredo needs to detect the type of NAT used on the client side, because it cannot work with all types. (We will cover Teredo in depth later.)

2: IPsec: DA uses two IPsec tunnels, and an IPsec tunnel needs to bind to a dedicated IP address.)

• DirectAccess client computers that are running Windows 7 Enterprise or Windows 7
Ultimate. DirectAccess clients must be members of an AD DS domain.

• At least one domain controller and DNS server that is running Windows Server 2008 SP2
or Windows Server 2008 R2. When UAG is used, DirectAccess can be deployed in some
scenarios with DNS servers and domain controllers that are running Windows
Server 2003 R2.

• A public key infrastructure (PKI) to issue computer certificates, and optionally, smart card
certificates for smart card authentication and health certificates for NAP. For more
information, see Public Key Infrastructure on the Microsoft Web site.

• Without UAG, an optional NAT64 device to provide access to IPv4-only resources for
DirectAccess clients. DirectAccess with UAG provides a built-in NAT64.
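
The requirement above for two consecutive public IPv4 addresses on the Internet-facing adapter can be checked at planning time. The following Python check is an added example, not part of the original post or of any Microsoft tooling; the function names are assumptions, and the 203.0.113.x values are documentation addresses standing in for real public ones. It goes one step beyond the post by also flagging pairs such as .9 and .10, which Microsoft's deployment guidance says the DirectAccess Management console does not treat as consecutive because it sorts addresses alphabetically.

```python
import ipaddress

# Ranges that are never public Internet addresses: RFC 1918, loopback,
# link-local (APIPA) and carrier-grade NAT.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10")]


def is_public(addr):
    return not any(addr in net for net in NON_PUBLIC)


def consecutive_pairs(addresses):
    """Return (numeric, console) lists of consecutive public address pairs.

    numeric: pairs whose 32-bit values differ by exactly one.
    console: pairs still adjacent after a plain text sort (caveat from
             Microsoft's deployment guidance, not stated in the post).
    """
    parsed = {ipaddress.IPv4Address(a.strip()) for a in addresses}
    public = sorted(a for a in parsed if is_public(a))
    numeric = [(str(a), str(b)) for a, b in zip(public, public[1:])
               if int(b) - int(a) == 1]
    by_text = sorted(public, key=str)
    console = [(str(a), str(b)) for a, b in zip(by_text, by_text[1:])
               if int(b) - int(a) == 1]
    return numeric, console


def check_adapter(addresses):
    """Classify the Internet-facing adapter's planned IPv4 addresses."""
    numeric, console = consecutive_pairs(addresses)
    if console:
        return "ok"
    if numeric:
        return "consecutive-but-sorted-apart"
    return "missing-consecutive-public-pair"


if __name__ == "__main__":
    # Constructed samples; 203.0.113.0/24 is a documentation range used
    # here as a stand-in for real public addresses.
    for sample in (["203.0.113.4", "203.0.113.5"],
                   ["203.0.113.9", "203.0.113.10"],
                   ["192.168.1.10", "192.168.1.11"]):
        print(sample, "->", check_adapter(sample))
```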
