Checklist: Moving the IPsec Gateway to Another Server

Updated: July 22, 2010

Applies To: Windows Server 2008 R2

This checklist includes cross-reference links to important concepts about adding capacity to your DirectAccess deployment by moving the Internet Protocol security (IPsec) gateway function to another server when you are using the full intranet or selected server access models. It also contains links to procedures and other checklists that will help you complete the tasks that are required to implement this design.


Complete the tasks in this checklist in order. When a reference link takes you to a conceptual topic, a procedure, or to another checklist, return to this topic so that you can proceed with the remaining tasks in this checklist.

Checklist: Moving the IPsec gateway to another server

Task Reference

Review important concepts for moving the IPsec gateway to another server.

Capacity Planning for DirectAccess Servers

As needed by your design plan, configure the second server (the IPsec gateway) for the full intranet or selected server access model.

Checklist: Implementing a DirectAccess Design for Full Intranet Access

Checklist: Implementing a DirectAccess Design for Selected Server Access

Configure both servers on an intra-server subnet to support the dual-server configuration.

Configure the Intra-Server Subnet

Configure the IPv6 connectivity server as the 6to4 relay, Teredo server, and Internet Protocol over Secure Hypertext Transfer Protocol (IP-HTTPS) server.

Configure the IPv6 Connectivity Server

Configure the IPsec gateway server and the Group Policy settings for the new configuration.

Configure the IPsec Gateway Server