End-to-end Traffic Protection

Applies To: Windows 7, Windows Server 2008 R2


This topic describes design considerations for DirectAccess in Windows Server 2008 R2. For the design considerations of DirectAccess in Microsoft Forefront Unified Access Gateway (UAG), see the Forefront UAG DirectAccess Design Guide (http://go.microsoft.com/fwlink/?LinkId=179988).

You can specify that the traffic between DirectAccess clients and intranet application servers is protected end-to-end. In most virtual private network (VPN) solutions, the protection extends only to the VPN server. This capability for end-to-end traffic protection provides additional security for computers that are outside of the intranet. Additionally, by leveraging the flexibility and control that is possible with connection security rules in Windows Firewall with Advanced Security, you can specify that the end-to-end protection includes encryption and does not require that the traffic be tunneled to the DirectAccess server.