>From all that I saw/read, it does look like very effective technology. But, it's already on the way out, which could hurt from a time/investment standpoint (as if Microsoft is the only vendor that creates this problem for us...)
Just saying. It worked out for me, in this instance. :) Regards, *ASB* On Thu, Nov 16, 2017 at 5:03 PM, Michael B. Smith <mich...@smithcons.com> wrote: > Actually Direct Access is da bomb! And I think they did a great job on it. > > > > HOWEVER – they overestimated how quickly IPv6 would be deployed in the > enterprise (as did most) and underestimated (as did most) the impact of > handheld/BYOD. > > > > > > *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists. > myitforum.com] *On Behalf Of *Andrew S. Baker > *Sent:* Thursday, November 16, 2017 3:37 PM > > *To:* ntsysadm > *Subject:* Re: [NTSysADM] Looking for a global VPN solution - looking for > input > > > > I'm glad I didn't spend too much time on DirectAccess... > > > Regards, > > *ASB* > > > > On Mon, Nov 13, 2017 at 9:08 PM, Michael B. Smith <mich...@smithcons.com> > wrote: > > So.... just a data point to consider. > > Microsoft is kinda moving away from DirectAccess. > > Many of the security functionalities added in Server 2016 won't work with > DA. > > Instead you need to be using their Automatic VPN. The endpoint isn't very > relevant, although they push RRAS. > > For example, WIP doesn't work properly with DA. Only with AVPN. > > -----Original Message----- > From: listsad...@lists.myitforum.com [mailto:listsadmin@lists. > myitforum.com] On Behalf Of Kurt Buff > > Sent: Monday, November 13, 2017 8:19 PM > To: ntsysadm > Subject: Re: [NTSysADM] Looking for a global VPN solution - looking for > input > > Arg - that should be "seeking commercial services".. > > And, once I bring recommendations, it might well be that we just fall back > to a DirectAccess server in each office, with our without a multi-site > configuration, potentially with an SSP VPN appliance also at each office > for backup and contractors, and call it good. > > Kurt > > On Mon, Nov 13, 2017 at 5:03 PM, Kurt Buff <kurt.b...@gmail.com> wrote: > > I'm not sure either, but that's the task I've been given - not > > necessarily to implement at this stage, but to scope out the > > alternatives and come up with some possibilities. > > > > It's also why I'm seeing recommendations on commercial services, so > > that our implementation requirements are minimized. > > > > Kurt > > > > On Mon, Nov 13, 2017 at 4:38 PM, Joseph L. Casale > > <jcas...@activenetwerx.com> wrote: > >> I've done a lot of openvpn setups in a myriad of formats, site to site, > hub and spoke, client etc. > >> It works well and there are even some lesser documented features that > do some neat stuff but you are now rolling your solution and marinating it > manually. > >> Not sure how well that will scale unless you have a skilled team. > >> > >>> -----Original Message----- > >>> From: listsad...@lists.myitforum.com > >>> [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff > >>> Sent: Monday, November 13, 2017 5:22 PM > >>> To: ntsysadm <NTSysADM@lists.myitforum.com> > >>> Subject: [NTSysADM] Looking for a global VPN solution - looking for > >>> input > >>> > >>> All, > >>> > >>> 1) For staff, currently we're using DirectAccess on 2012R2 as our > >>> primary conduit in the US, with SSL VPNs (SonicWall and Palo Alto > >>> Global Protect) as primary for our overseas offices and secondary > >>> for the US (Sonicwall). > >>> > >>> 2) In the US office, we also have contractors/consultants needing to > >>> use our SSL VPN for access to various resources, and that will > >>> likely expand to our overseas offices soon. Differentiation and > >>> securing resources is even more important here than in 1). > >>> > >>> 3) We also stand up IPSec tunnels for vendors/partners as needed > >>> (lab to lab), for interoperability/compatibility testing. > >>> > >>> We're looking to get into a solution that will take care of at least > >>> the first two (and ideally the third as well), so that we don't have > >>> so many platforms to support, and so that we can make sure that > >>> staff in the field get the fasted connection available. > >>> > >>> I've taken a quick gander at the websites for vyprvpn (Golden Frog), > >>> and OpenVPN (commercial client offering), but don't have much of an > >>> opinion on them, as info about them is a bit thin. > >>> > >>> Anyone have experience with solutions like this, and care to comment? > >>> > >>> Thanks, > >>> > >>> Kurt > >>> > >> > > > >