DirectAccess Learning Roadmap

Published: November 12, 2009

Updated: February 18, 2011

Applies To: Windows Server 2008 R2

DirectAccess in Windows Server 2008 R2 and Windows 7 allows remote users to securely access enterprise shares, websites, and applications without connecting to a virtual private network (VPN). DirectAccess establishes bi-directional connectivity with a user’s enterprise network every time a user’s DirectAccess-enabled portable computer connects to the Internet, even before the user logs on. Users never have to think about connecting to the enterprise network, and IT administrators can manage remote computers outside the office, even when the computers are not connected to the VPN.

If you are new to DirectAccess, this topic can help you identify what you need to learn to fully understand how to deploy and troubleshoot DirectAccess. It includes prerequisite topics that cover a variety of networking and IT infrastructure fundamentals. You must understand the prerequisite technologies first, because DirectAccess builds upon them and assumes an understanding of them. Afterwards, you can begin learning about DirectAccess through the resources in the Level 100 (introductory), 200 (intermediate), and 300 (advanced) sections.

We recommend that you read the topics in the order listed.

  • Prerequisites

  • Level 100

  • Level 200

  • Level 300


Prerequisites

This section contains links to a variety of resources that contain the background information you need to fully understand how DirectAccess works.

Level 100

The following resources contain introductory information about DirectAccess.

Level 200

The following resources contain intermediate information about DirectAccess.

Level 300

The following resources contain advanced information about DirectAccess.

  • Step 1: Learn the details of IPsec protocols and packets, and how they are processed by Windows.

    See Chapter 18 – Internet Protocol Security (IPsec) of the Windows Server 2008 TCP/IP Protocols and Services Microsoft Press book.

    This chapter provides details of the IPsec protocols and examines the structure of IPsec packets.

    Your goal is to understand the different types of IPsec headers and trailers, message exchanges, and processing for IPsec-protected packets.

  • Step 2: Learn the details of the IP-HTTPS protocol.

    See the IP over HTTPS (IP-HTTPS) Tunneling Protocol Specification.

    This specification defines the Internet Protocol over Secure Hypertext Transfer Protocol (IP-HTTPS), which DirectAccess clients use to exchange IPv6 packets with the DirectAccess server when they cannot use 6to4 or Teredo.

    Your goal is to understand the different types of IP-HTTPS messages, message exchanges, and protocol details for the IP-HTTPS client (the DirectAccess client) and the IP-HTTPS server (the DirectAccess server).

Additional Resources

DirectAccess TechNet web page