A Tale of Two Tunnels

The DirectAccess client establishes two tunnels, which are key to the versatility of this method of remote access. Both are IPsec ESP tunnels that are authenticated and encrypted to ensure confidentiality. The tunnels are as follows:

Computer tunnel—The computer tunnel is established first when the DirectAccess client starts up. This tunnel is authenticated with the computer certificate only and provides access to the intranet DNS and domain controllers. This tunnel is also used to download the computer group policy and request user authentication.

User tunnel—This tunnel is authenticated with the computer certificate and the user credentials and provides access to the intranet resources. This tunnel is ...
