So.... just a data point to consider.

Microsoft is kinda moving away from DirectAccess.

Many of the security functionalities added in Server 2016 won't work with DA.

Instead you need to be using their Automatic VPN. The endpoint isn't very 
relevant, although they push RRAS. 

For example, WIP doesn't work properly with DA. Only with AVPN.

-----Original Message-----
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kurt Buff
Sent: Monday, November 13, 2017 8:19 PM
To: ntsysadm
Subject: Re: [NTSysADM] Looking for a global VPN solution - looking for input

Arg - that should be "seeking commercial services"..

And, once I bring recommendations, it might well be that we just fall back to a 
DirectAccess server in each office, with or without a multi-site 
configuration, potentially with an SSL VPN appliance also at each office for 
backup and contractors, and call it good.

Kurt

On Mon, Nov 13, 2017 at 5:03 PM, Kurt Buff <kurt.b...@gmail.com> wrote:
> I'm not sure either, but that's the task I've been given - not 
> necessarily to implement at this stage, but to scope out the 
> alternatives and come up with some possibilities.
>
> It's also why I'm seeing recommendations on commercial services, so 
> that our implementation requirements are minimized.
>
> Kurt
>
> On Mon, Nov 13, 2017 at 4:38 PM, Joseph L. Casale 
> <jcas...@activenetwerx.com> wrote:
>> I've done a lot of openvpn setups in a myriad of formats, site to site, hub 
>> and spoke, client etc.
>> It works well and there are even some lesser documented features that do 
>> some neat stuff but you are now rolling your solution and maintaining it 
>> manually.
>> Not sure how well that will scale unless you have a skilled team.
>>
>>> -----Original Message-----
>>> From: listsad...@lists.myitforum.com 
>>> [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff
>>> Sent: Monday, November 13, 2017 5:22 PM
>>> To: ntsysadm <NTSysADM@lists.myitforum.com>
>>> Subject: [NTSysADM] Looking for a global VPN solution - looking for 
>>> input
>>>
>>> All,
>>>
>>> 1) For staff, currently we're using DirectAccess on 2012R2 as our 
>>> primary conduit in the US, with SSL VPNs (SonicWall and Palo Alto 
>>> Global Protect) as primary for our overseas offices and secondary 
>>> for the US (SonicWall).
>>>
>>> 2) In the US office, we also have contractors/consultants needing to 
>>> use our SSL VPN for access to various resources, and that will 
>>> likely expand to our overseas offices soon. Differentiation and 
>>> securing resources is even more important here than in 1).
>>>
>>> 3) We also stand up IPSec tunnels for vendors/partners as needed 
>>> (lab to lab), for interoperability/compatibility testing.
>>>
>>> We're looking to get into a solution that will take care of at least 
>>> the first two (and ideally the third as well), so that we don't have 
>>> so many platforms to support, and so that we can make sure that 
>>> staff in the field get the fastest connection available.
>>>
>>> I've taken a quick gander at the websites for vyprvpn (Golden Frog), 
>>> and OpenVPN (commercial client offering), but don't have much of an 
>>> opinion on them, as info about them is a bit thin.
>>>
>>> Anyone have experience with solutions like this, and care to comment?
>>>
>>> Thanks,
>>>
>>> Kurt
>>>
>>

