Allowing DirectAccess to other internal Subnets or VLANs in your Network

If you’ve got DirectAccess running in your environment for remote access, you’ll know how great and seamless it is for your end users. For businesses with large, segmented internal networks, we need to make sure that external users can access all of the internal resources they need.

For this to happen we need to add static routes to our DirectAccess servers so that remote users can access these other networks. Your DirectAccess server should have two NICs, one external and the other for your LAN. We add these static routes on the LAN interface, as the gateway has been defined on the External NIC only. The following PowerShell command adds a static route to an interface:

New-NetRoute -InterfaceAlias <InterfaceAlias> -DestinationPrefix <DestinationPrefix> -NextHop <NextHop>

An example is as follows:

New-NetRoute -InterfaceAlias LAN -DestinationPrefix 10.1.10.0/24 -NextHop 10.1.1.1

This would allow any of our DirectAccess clients to access the 10.1.10.0/24 network even though our default internal network would be 10.1.1.0/24.

If need be you can use Remove-NetRoute to remove these static routes in future.
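For several internal subnets, the same command can be wrapped so it is safe to re-run and confirms the routes were persisted. This is an added example, not from the original post; the interface alias and next hop follow the sample above, and the two extra subnets are constructed for illustration.

```powershell
# Added example. 'LAN' and 10.1.1.1 follow the article's sample;
# 10.1.20.0/24 and 10.1.30.0/24 are constructed placeholder subnets.
$InterfaceAlias = 'LAN'
$NextHop        = '10.1.1.1'
$Prefixes       = @('10.1.10.0/24', '10.1.20.0/24', '10.1.30.0/24')

# The article's layout puts the default gateway on the External NIC only,
# so flag a LAN interface that also carries one.
$lanConfig = Get-NetIPConfiguration -InterfaceAlias $InterfaceAlias -ErrorAction Stop
if ($lanConfig.IPv4DefaultGateway) {
    Write-Warning "$InterfaceAlias has a default gateway; expected it on the External NIC only."
}

foreach ($prefix in $Prefixes) {
    # Look for an existing route to this prefix on the LAN interface.
    $existing = Get-NetRoute -InterfaceAlias $InterfaceAlias -DestinationPrefix $prefix `
                             -ErrorAction SilentlyContinue

    if ($existing | Where-Object { $_.NextHop -eq $NextHop }) {
        Write-Host "Route to $prefix via $NextHop already present, skipping."
        continue
    }
    if ($existing) {
        # Do not overwrite a route someone else configured; report it instead.
        Write-Warning "Route to $prefix exists via $($existing.NextHop -join ', '); left unchanged."
        continue
    }

    # With no -PolicyStore given, New-NetRoute writes to both the active
    # and persistent stores, so the route survives a reboot.
    New-NetRoute -InterfaceAlias $InterfaceAlias -DestinationPrefix $prefix `
                 -NextHop $NextHop | Out-Null
    Write-Host "Added route to $prefix via $NextHop."
}

# Confirm what is stored persistently for the prefixes we manage.
Get-NetRoute -InterfaceAlias $InterfaceAlias -PolicyStore PersistentStore `
             -ErrorAction SilentlyContinue |
    Where-Object { $_.DestinationPrefix -in $Prefixes } |
    Sort-Object DestinationPrefix |
    Format-Table DestinationPrefix, NextHop, RouteMetric -AutoSize
```

Keeping the prefix list explicit makes it easy to review which internal networks remote clients can reach, and to pass the same list to Remove-NetRoute later.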

