The Edge Man Talks about DirectAccess and Ping Considerations

The “Edge Man” Tom Shinder discusses an interesting issue in his blog post on using ping to troubleshoot DirectAccess connections.

It had been my impression that if I could ping the UAG DirectAccess server and hosts behind the UAG DirectAccess server then everything was good in terms of the DirectAccess connectivity situation. However, what I learned from this article is that ping is only half of the story.

When you can ping the UAG DirectAccess server and resources behind it, it tells you that the IPv6 transition technologies are working fine and that routing for the IPv6 transition technologies is also working.

However, it doesn’t tell you anything about whether or not the DirectAccess tunnels are connected, since ICMP is exempt from IPsec protection. And since the infrastructure and intranet tunnels are IPsec tunnels, ping doesn’t provide any information about these.
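The following sketch shows one way to check both halves on a DirectAccess client. It is an added example, not code from this post or from Tom's article. It assumes an elevated prompt on Windows 8.1 or later (for `Test-NetConnection` and the NetSecurity cmdlets); the function name, the target host and TCP port 445 are hypothetical choices for illustration.

```powershell
# Added example: compare ICMP reachability with IPsec state on a DirectAccess client.
# Run elevated. Function name, target and port are illustrative assumptions.
function Test-DirectAccessTunnelState {
    param(
        # Hypothetical intranet resource behind the DirectAccess server.
        [Parameter(Mandatory)] [string] $Target,
        # Any TCP service on the target works; 445 is only an assumed default.
        [int] $Port = 445
    )

    # ICMP is exempt from IPsec, so a reply only proves that the IPv6
    # transition technology and its routing are working.
    $pingOk = Test-Connection -ComputerName $Target -Count 2 -Quiet

    # TCP is not exempt, so this attempt has to travel through a tunnel and
    # triggers IPsec negotiation if no security association exists yet.
    $tcpOk = Test-NetConnection -ComputerName $Target -Port $Port `
                 -InformationLevel Quiet -WarningAction SilentlyContinue

    # Security associations are the evidence that tunnels were negotiated.
    # The counts are machine-wide, so other IPsec rules can contribute to them.
    $mainMode  = @(Get-NetIPsecMainModeSA  -ErrorAction SilentlyContinue)
    $quickMode = @(Get-NetIPsecQuickModeSA -ErrorAction SilentlyContinue)
    $sasExist  = ($mainMode.Count -gt 0) -and ($quickMode.Count -gt 0)

    $verdict = if (-not $pingOk) {
        'Ping failed: check the IPv6 transition technology and routing first.'
    } elseif (-not $sasExist) {
        'Ping works but no IPsec SAs exist: the tunnels are not connected.'
    } elseif (-not $tcpOk) {
        'SAs exist but TCP failed: check the target service or the intranet tunnel.'
    } else {
        'Ping, IPsec SAs and protected TCP traffic all succeeded.'
    }

    [pscustomobject]@{
        Target       = $Target
        PingOk       = $pingOk
        TcpOk        = $tcpOk
        MainModeSAs  = $mainMode.Count
        QuickModeSAs = $quickMode.Count
        Verdict      = $verdict
    }
}

# Example call with a placeholder host name:
# Test-DirectAccessTunnelState -Target 'intranet-host.example.internal'
```

On Windows 7 clients, which lack these cmdlets, `netsh advfirewall monitor show mmsa` and `netsh advfirewall monitor show qmsa` list the same main mode and quick mode security associations.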

Make sure to check out Tom’s article on this subject over at:

http://blogs.technet.com/b/tomshinder/archive/2010/07/14/considerations-when-using-ping-to-troubleshoot-directaccess-connectivity-issues.aspx

HTH,

Deb

DEBRA LITTLEJOHN SHINDER
MVP (Enterprise Security)
“MS SECURITY”