In part 1 of this series, we configured DirectAccess for IP-HTTPS connections in a simple (home) environment: one public IPv4 environment, a poor router (ISP box), one internal LAN and a Remote Access server that runs Windows Server 2012 Core.
- Part 1: Implementing a Basic DirectAccess configuration with IP-HTTPS on Windows Server 2012 Core
- Part 2: Reporting and Optimizing IP-HTTPS connections
- Part 3: Authenticating IP-HTTPS connections with a PKI certificate
- Part 4: Authenticating DirectAccess clients with certificates
- Part 5: Troubleshooting guide for DirectAccess
- Part 6: Configuring DirectAccess for Windows 7
Everything works fine and my client computer can join my internal network from the Internet through a DirectAccess tunnel with IP-HTTPS protocol.
We can now start with more advanced concepts. In this part, I propose to get reports on DirectAccess connections and to improve IP-HTTPS connection times.
PART 2: REPORTING AND OPTIMIZING IP-HTTPS CONNECTIONS
1. Enable Reporting
On the Remote Access console, select the Reporting node
Click on Configure Accounting
Select Use inbox accounting
You can configure the log retention period
Click on Apply
Reporting is now enabled
You only have to define the reporting period and click on Generate Report to get information about previous connections.
In the next parts, I will show you some use cases, especially with client authentication.
2. Improve connection time
The DirectAccess client tries to create a connection with 3 protocols successively:
- 6to4
- Teredo
- IP-HTTPS
Unfortunately, 6to4 doesn't support NAT and Teredo requires 2 consecutive public IP addresses.
The only available protocol in our case is IP-HTTPS. In order to reduce connection time, you can disable other protocols on the client computers.
Type the following command lines on your client:
netsh interface isatap set state disabled
netsh interface ipv6 6to4 set state disabled
netsh interface teredo set state disabled
In my own experience, without that improvement, it takes up to 1'30" to be connected. After that improvement, it takes only 40".
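To confirm that the three netsh commands took effect and to time the IP-HTTPS connection on your own client, a PowerShell check can help. This is an added example, not code from the original post; it assumes a Windows 8 or later client, an elevated prompt and the in-box NetworkTransition and DirectAccessClientComponents cmdlets, and the function names are hypothetical.

```powershell
# Added example, not from the original post. Assumes Windows 8 or later,
# an elevated prompt, and the in-box NetworkTransition and
# DirectAccessClientComponents modules. Function names are hypothetical.

function Get-TransitionState {
    # Current state of the three protocols the post disables.
    [pscustomobject]@{
        SixToFour = (Get-Net6to4Configuration).State
        Teredo    = (Get-NetTeredoConfiguration).Type
        Isatap    = (Get-NetIsatapConfiguration).State
    }
}

function Disable-UnusedTransition {
    # Same three netsh commands as in the post, followed by a check.
    netsh interface isatap set state disabled | Out-Null
    netsh interface ipv6 6to4 set state disabled | Out-Null
    netsh interface teredo set state disabled | Out-Null
    $state = Get-TransitionState
    $left = $state.PSObject.Properties |
        Where-Object { "$($_.Value)" -ne 'Disabled' }
    # A protocol that stays enabled usually means another policy source
    # (for example a GPO) is overriding the local setting.
    if ($left) { Write-Warning "Still enabled: $($left.Name -join ', ')" }
    $state
}

function Measure-DAConnect {
    # Poll the DirectAccess client status until it reports a remote
    # connection, and return the elapsed time.
    param([int]$TimeoutSeconds = 180, [int]$PollSeconds = 2)
    $timer = [System.Diagnostics.Stopwatch]::StartNew()
    while ($timer.Elapsed.TotalSeconds -lt $TimeoutSeconds) {
        $status = (Get-DAConnectionStatus).Status
        if ($status -eq 'ConnectedRemotely') { return $timer.Elapsed }
        Start-Sleep -Seconds $PollSeconds
    }
    throw "Not connected after $TimeoutSeconds s (last status: $status)"
}

Disable-UnusedTransition | Format-List
Get-NetIPHttpsState          # interface status and last error code
# Run right after the client joins an Internet-facing network:
# Measure-DAConnect
```

Running Measure-DAConnect once before and once after disabling the protocols gives a comparison for your own network.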
I hope you enjoyed that easy and short part. Keep your energy: in the next parts, we will discuss authentication with certificates and PKI!
See you soon
Julien