You need to ensure that DirectAccess clients access all…

Your network contains an Active Directory domain named contoso.com. The domain contains a server named
Server1 that has the Remote Access server role installed.
DirectAccess is implemented on Server1 by using the default configuration.
You discover that DirectAccess clients do not use DirectAccess when accessing websites on the Internet.
You need to ensure that DirectAccess clients access all Internet websites by using their DirectAccess
connection.
What should you do?

Your network contains an Active Directory domain named contoso.com. The domain contains a server named
Server1 that has the Remote Access server role installed.
DirectAccess is implemented on Server1 by using the default configuration.
You discover that DirectAccess clients do not use DirectAccess when accessing websites on the Internet.
You need to ensure that DirectAccess clients access all Internet websites by using their DirectAccess
connection.
What should you do?

A.
Configure a DNS suffix search list on the DirectAccess clients.

B.
Configure DirectAccess to enable force tunneling.

C.
Disable the DirectAccess Passive Mode policy setting in the DirectAccess Client Settings Group Policy
object (GPO).

D.
Enable the Route all traffic through the internal network policy setting in the DirectAccess Server Settings
Group Policy object (GPO).

Explanation:
With IPv6 and the Name Resolution Policy Table (NRPT), by default, DirectAccess clients separate their
intranet and Internet traffic as follows:
DNS name queries for intranet fully qualified domain names (FQDNs) and all intranet traffic is exchanged
over the tunnels that are created with the DirectAccess server or directly with intranet servers. Intranet traffic
from DirectAccess clients is IPv6 traffic.
DNS name queries for FQDNs that correspond to exemption rules or do not match the intranet namespace,
and all traffic to Internet servers, is exchanged over the physical interface that is connected to the Internet.
Internet traffic from DirectAccess clients is typically IPv4 traffic.
In contrast, by default, some remote access virtual private network (VPN) implementations, including the VPN
client, send all intranet and Internet traffic over the remote access VPN connection. Internet-bound traffic is
routed by the VPN server to intranet IPv4 web proxy servers for access to IPv4 Internet resources. It is possible
to separate the intranet and Internet traffic for remote access VPN clients by using split tunneling. This involves
configuring the Internet Protocol (IP) routing table on VPN clients so that traffic to intranet locations is sent over
the VPN connection, and traffic to all other locations is sent by using the physical interface that is connected to
the Internet.
You can configure DirectAccess clients to send all of their traffic through the tunnels to the DirectAccess server
with force tunneling. When force tunneling is configured, DirectAccess clients detect that they are on the
Internet, and they remove their IPv4 default route. With the exception of local subnet traffic, all traffic sent bythe DirectAccess client is IPv6 traffic that goes through tunnels to the DirectAccess server.



Leave a Reply 0

Your email address will not be published. Required fields are marked *