mlmarshall3
Level 7

HIPs Location Aware Group and DirectAccess

I'll lay out the scenario first:

ePO 4.6.6

HIPs 8.0.0.2482

Windows 7 endpoints

DirectAccess Connectivity Assistant Version 2.0

RAS Server 2012 R2 back end

We were somewhat successful in setting up LAG with our previous VPN but we are looking through the implementation of DirectAccess and it's not functioning.  We've tried a few things:

First, the IPv6 tunnel adapter has no location settings.

Tunnel adapter IPHTTPSInterface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : IPHTTPSInterface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : XXXX:XXX:XXX:XXXX:XXXX:XXXX:XXXX:XXXX(Preferred)
   Temporary IPv6 Address. . . . . . : XXXX:XXX:XXX:XXXX:XXXX:XXXX:XXXX:XXXX(Preferred)
   Link-local IPv6 Address . . . . . : XXXX:XXX:XXX:XXXX:XXXX:XXXX:XXXX:XXXX(Preferred)
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled

I've been attempting to work with the implementation engineers on resolving this; however, MS has said that putting location information on this adapter is impossible.  I'm not sure if that's the truth so I'll refrain from commenting.

Next I attempted to build another group, denoted ONLY for virtual adapters, that this should be a part of.  The group won't apply, and according to the Firesvc.log it doesn't recognize it as virtual.

I guess my questions pertain to people that have experience with both.  Has anyone worked with these and made a functional policy?  Is anyone familiar with using the registry entry location setting?  It seems like the last-ditch effort on this, only there is no guidance for using it and not having the settings apply to all adapters.  Thanks in advance.

Chip

0 Kudos
3 Replies
greatscott
Level 12

Re: HIPs Location Aware Group and DirectAccess

Why don't you make your LAG criteria based on your VPN address pool, or whatever DirectAccess IPv6 addresses are being assigned when you connect?

0 Kudos
mlmarshall3
Level 7

Re: HIPs Location Aware Group and DirectAccess

I'll plead my ignorance and ask if this is what you're mentioning as it's outside "location" settings:

You're looking at creating the ruleset by tab 3 network options and then associating the range of IPv6 addresses that are assigned, correct?  That's outside what we've been tasked to do but I hadn't looked at that yet.  Could be a solution.

Chip

0 Kudos
greatscott
Level 12

Re: HIPs Location Aware Group and DirectAccess

Yes, that's what I'm describing. Setting up your network options to include your IPv6 ranges. Assuming you properly authenticated to your internal network and are pulling one of these IPv6 addresses, this would probably be no less or more secure than using the registry key, or any of the other settings.

0 Kudos
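
An added example, not part of the thread and not McAfee or Microsoft tooling: a Python check that parses `ipconfig /all` output and reports whether the IPHTTPS adapter holds a global address inside a candidate range, which is worth confirming before that range is entered in the group's network options. The sample output and the 2001:db8:da:1000::/64 prefix are constructed placeholders, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample in the layout of `ipconfig /all`. Addresses use the
# 2001:db8::/32 documentation prefix; they are not values from the thread.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : corp.example
   IPv4 Address. . . . . . . . . . . : 192.0.2.25(Preferred)

Tunnel adapter IPHTTPSInterface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : IPHTTPSInterface
   IPv6 Address. . . . . . . . . . . : 2001:db8:da:1000:1c2f:44aa:9be0:17(Preferred)
   Temporary IPv6 Address. . . . . . : 2001:db8:da:1000:a1b2:c3d4:e5f6:99(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1c2f:44aa:9be0:17%14(Preferred)
"""

HEADER = re.compile(r"^(\S.*adapter .+):\s*$")          # unindented section header
ADDR = re.compile(r"^\s+(.*?IPv6 Address)[ .]*:\s*([0-9A-Fa-f:]+)")

def ipv6_by_adapter(text):
    """Map each adapter header to a list of (label, IPv6Address) pairs."""
    result, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = result.setdefault(m.group(1), [])
            continue
        m = ADDR.match(line)
        if m and current is not None:
            # The regex stops before "%zone" and "(Preferred)" suffixes.
            current.append((m.group(1), ipaddress.IPv6Address(m.group(2))))
    return result

def rule_matches(text, adapter, prefix):
    """True if a non-link-local address on `adapter` falls inside `prefix`."""
    net = ipaddress.IPv6Network(prefix)
    addrs = ipv6_by_adapter(text).get(adapter, [])
    # fe80::/10 exists on every IPv6 interface, so it cannot identify a location.
    return any(a in net for _, a in addrs if not a.is_link_local)

if __name__ == "__main__":
    print(rule_matches(SAMPLE, "Tunnel adapter IPHTTPSInterface", "2001:db8:da:1000::/64"))
```

Masked or empty address fields, like the XXXX values in the original post, are skipped by the parser rather than raising an error.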