The Edge Man Talks about DirectAccess and Ping Considerations

By /

image The “Edge Man” Tom Shinder discusses an interesting issue in his blog post on using ping to troubleshoot DirectAccess connections.

It had been my impression that if I could ping the UAG DirectAccess server and hosts behind the UAG DirectAccess server then everything was good in terms of the DirectAccess connectivity situation. However, what I learned from this article is that ping is only half of the story.

When you can ping the UAG DirectAccess server and resources behind it, it tells you that the IPv6 transition technologies are working fine and that routing for the IPv6 transition technologies is also working.

However, it doesn’t tell you anything about whether or not the DirectAccess tunnels are connected, since ICMP is exempt from IPsec protection. And since the infrastructure and intranet tunnels are IPsec tunnels, ping doesn’t provide any information about these.

Make sure to check out Tom’s article on this subject over at:

http://blogs.technet.com/b/tomshinder/archive/2010/07/14/considerations-when-using-ping-to-troubleshoot-directaccess-connectivity-issues.aspx

HTH,

Deb

DEBRA LITTLEJOHN SHINDER
MVP (Enterprise Security)
“MS SECURITY”
[email protected]

About The Author

Debra Littlejohn Shinder is a technology and security analyst and author specializing in identity, security and cybercrime, utilizing her past experience as a police officer and police academy/criminal justice instructor. She has written numerous books and articles for web and print publications and has been awarded the Microsoft MVP designation for fourteen years in a row.

Read Next

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top