Requirements for DirectAccess
On the client:
Joined to an Active Directory domain
Running Windows 7 Ultimate or Enterprise edition or Windows Server 2008 R2. Clients not joined to an Active Directory domain, or clients running Windows Vista or earlier or Windows Server 2008 or earlier, are not supported.
On the server:
Joined to an Active Directory domain
Running Windows Server 2008 R2
Has at least two physical network adapters installed
Has at least two consecutive static, public IPv4 addresses that are externally resolvable through the Internet DNS
Cannot be behind a NAT.
There are also some requirements for the infrastructure:
Active Directory: At least one Active Directory domain must be deployed. Workgroups are not supported.
Group Policy: Group Policy is recommended for centralized administration and deployment of DirectAccess client settings. The DirectAccess Setup wizard creates a set of Group Policy objects and settings for DirectAccess clients, the DirectAccess server, and management servers.
DNS/domain controller: At least one domain controller and DNS server must be running Windows Server 2008 SP2 or later or Windows Server 2008 R2.
Public key infrastructure (PKI): Required to issue computer certificates for authentication, and optionally, health certificates when using Network Access Protection (NAP).
The SSL certificate for IP-HTTPS installed on the DirectAccess server must have a CRL distribution point that is reachable from the Internet, and the Subject field must contain either a public IPv4 address assigned to the DirectAccess server or an FQDN that can be resolved to a public IPv4 address assigned to the DirectAccess server using the Internet DNS.
The SSL certificate for the network location server must have a CRL distribution point that is reachable from the intranet, and the Subject field must contain either an intranet IPv4 address assigned to the network location server or an FQDN that can be resolved to an intranet IPv4 address assigned to the network location server using the intranet DNS.
IPsec policies: DirectAccess utilizes IPsec policies configured and administered as part of Windows Firewall with Advanced Security.
Allow ICMPv6 Echo Request traffic: You must create separate inbound and outbound rules that allow ICMPv6 Echo Request messages. The inbound rule is required to allow ICMPv6 Echo Request messages and is scoped to all profiles. The outbound rule to allow ICMPv6 Echo Request messages, scoped to all profiles, is recommended as a best practice and is only required if Outbound block is turned on. DirectAccess clients that use Teredo for IPv6 connectivity to the intranet use ICMPv6 messages when establishing communication.
IPv6 and transition technologies: IPv6 and the transition technologies ISATAP, Teredo, and 6to4 must be available for use on the DirectAccess server.
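
A planning-time check for two of the requirements above: the server's consecutive public IPv4 addresses (not behind a NAT) and the Subject of the IP-HTTPS certificate. This is an added example, not part of the original page or of any Microsoft tooling; the function names, the sample addresses, and the dictionary standing in for an Internet DNS lookup are assumptions.

```python
import ipaddress

def public_ipv4(addresses):
    """Parse the strings and keep only Internet-routable IPv4 addresses."""
    result = set()
    for text in addresses:
        try:
            ip = ipaddress.IPv4Address(text)
        except ipaddress.AddressValueError:
            continue
        # is_global is False for RFC 1918, shared (carrier NAT), loopback and
        # link-local ranges, i.e. addresses that imply the server is behind a NAT.
        if ip.is_global:
            result.add(ip)
    return result

def check_server_addresses(addresses):
    """Return a list of problems; an empty list means the requirement is met."""
    problems = []
    public = public_ipv4(addresses)
    for text in addresses:
        try:
            if ipaddress.IPv4Address(text) not in public:
                problems.append(f"{text}: not a public IPv4 address")
        except ipaddress.AddressValueError:
            problems.append(f"{text}: not an IPv4 address")
    ordered = sorted(public)
    if not any(int(b) - int(a) == 1 for a, b in zip(ordered, ordered[1:])):
        problems.append("no two consecutive public IPv4 addresses")
    return problems

def iphttps_subject_ok(subject, addresses, internet_dns):
    """True if the Subject is one of the server's public IPv4 addresses, or an
    FQDN that the Internet DNS maps to one. internet_dns is a dict of
    FQDN -> list of IPv4 strings (an assumption replacing a live lookup)."""
    public = public_ipv4(addresses)
    if public_ipv4([subject]):
        return ipaddress.IPv4Address(subject) in public
    resolved = public_ipv4(internet_dns.get(subject.lower().rstrip("."), []))
    return bool(resolved & public)

# Constructed sample values, not taken from the page.
SERVER = ["131.107.0.2", "131.107.0.3"]
DNS = {"da.example.com": ["131.107.0.2"]}

if __name__ == "__main__":
    print(check_server_addresses(SERVER))
    print(iphttps_subject_ok("da.example.com", SERVER, DNS))
```

The CRL distribution point reachability requirement still needs a live test from the Internet and is not covered here.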