Your network contains an Active Directory domain named contoso.com. The domain contains multiple
sites.
You plan to deploy DirectAccess.
The network security policy states that when client computers connect to the corporate network from
the Internet, all of the traffic destined for the Internet must be routed through the corporate network.You need to recommend a solution for the planned DirectAccess deployment that meets the security
policy requirement
Solution: You set the ISATAP State to state disabled.
Does this meet the goal?
A.
Yes
B.
No
Explanation:
With NAT64 and DNS64, the DirectAccess server now has the ability to take those client IPv6 packets and
spin them down into IPv4 packets, so you can simply leave your internal network all IPv4. So back in the
beginning it was standard practice to enable ISATAP globally. Today, because of the known issues, it is
recommended not to use ISATAP at all, unless you have a specific reason for needing it
Note: ISATAP defines a method for generating a link-local IPv6 address from an IPv4 address, and a
mechanism to perform Neighbor Discovery on top of IPv4.
IS ISATAP REQUIRED FOR DIRECTACCESS?
I think correct answer is B
(split tunnel needed)
Sorry:
Answer B (FORCE tunnelig needed)
Look that:
https://blogs.technet.microsoft.com/tomshinder/2010/03/30/more-on-directaccess-split-tunneling-and-force-tunneling/