Deb Shinder Blog RSS

All Blogs  »  Deb Shinder Blog  »  News ISA Central  »  Blog article: The Edge Man Talks about DirectAccess and Ping Considerations

The Edge Man Talks about DirectAccess and Ping Considerations

image The “Edge Man” Tom Shinder discusses an interesting issue in his blog post on using ping to troubleshoot DirectAccess connections.

It had been my impression that if I could ping the UAG DirectAccess server and hosts behind the UAG DirectAccess server then everything was good in terms of the DirectAccess connectivity situation. However, what I learned from this article is that ping is only half of the story.

When you can ping the UAG DirectAccess server and resources behind it, it tells you that the IPv6 transition technologies are working fine and that routing for the IPv6 transition technologies is also working.

However, it doesn’t tell you anything about whether or not the DirectAccess tunnels are connected, since ICMP is exempt from IPsec protection. And since the infrastructure and intranet tunnels are IPsec tunnels, ping doesn’t provide any information about these.

Make sure to check out Tom’s article on this subject over at:

http://blogs.technet.com/b/tomshinder/archive/2010...s.aspx

HTH,

Deb

DEBRA LITTLEJOHN SHINDER
MVP (Enterprise Security)
“MS SECURITY”
dshinder@isaserver.org

This entry was posted on Thursday, July 22nd, 2010 at 7:09 am and is filed under News, ISA Central. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply




Receive all the latest articles by email!

Receive Real-Time & Monthly ISAserver.org article updates in your mailbox. Enter your email below!
Click for Real-Time sample & Monthly sample

Become an ISAserver.org member!

Discuss your ISA Server issues with thousands of other ISA Server experts. Click here to join!

Follow TechGenix on Twitter