Hello,
I am not sure if this is supposed to work by default or not, but it doesn't seem to be.
Our DA server is dual-homed: an internal adapter on a special subnet with rules allowing access to our real internal subnets, and an external adapter in our DMZ. The setup works great for accessing internal resources; however, we cannot access other resources in the DMZ from DA clients, for example public web servers and such. I believe this is due to NAT64/DNS64 not working for the external adapter? Doing a Get-nettransitionmonitoring shows a mapping for the inbound address of the internal network adapter IP and then the outbound as the correct DMZ machine IP, but nothing gets through. We were trying a ping, and I saw with Microsoft Network Monitor the ping get to the DA server and the DA server try sending it to the NAT64 (fdxx...) IP of the DMZ server, but the DMZ server never sees it.
Is it possible to get routes to the external network to work without excluding lots of DMZ machines from going through the DA tunnel? Thanks!
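When troubleshooting a case like the one above, the first thing worth confirming is that the NAT64-synthesized (fdxx...) destination seen in the capture really does embed the IPv4 address of the DMZ host, and that each entry in the transition mapping table is internally consistent (outbound IPv4 equals the IPv4 embedded in the inbound IPv6). The following is an added example, not code from the post or from Microsoft's DirectAccess tooling: it implements the RFC 6052 /96 address embedding and extraction that NAT64/DNS64 use, and runs a consistency check over a small constructed mapping table. The NAT64 prefix and the IPv4 addresses are constructed sample values (the post's real prefix is elided), and the `inbound`/`outbound` field names are an assumption chosen to mirror the mapping the post describes, not the real cmdlet's output fields.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed NAT64 /96 prefix for the example; the post's real prefix ("fdxx...")
# is not given, so this is a placeholder, not a value from the page.
NAT64_PREFIX = "fd00:1234:5678:7777::/96"


def synthesize_nat64(prefix: str, ipv4: str) -> str:
    """Embed an IPv4 address into a /96 NAT64 prefix (RFC 6052, /96 form).

    This is what DNS64 does when it synthesizes an AAAA record for a host
    that only has an A record: the IPv4 address becomes the low 32 bits.
    """
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 96:
        raise ValueError("this helper only handles the /96 form of RFC 6052")
    v4 = ipaddress.IPv4Address(ipv4)
    return str(ipaddress.IPv6Address(int(net.network_address) | int(v4)))


def extract_ipv4(prefix: str, ipv6: str) -> Optional[str]:
    """Reverse of synthesize_nat64: recover the embedded IPv4 address.

    Returns None when the address is not inside the NAT64 prefix, i.e. it is
    a native IPv6 destination that NAT64 would never translate.
    """
    net = ipaddress.IPv6Network(prefix, strict=False)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in net:
        return None
    return str(ipaddress.IPv4Address(int(addr) & 0xFFFF_FFFF))


def check_mappings(prefix: str,
                   mappings: List[Dict[str, str]]) -> List[Tuple[str, str, bool]]:
    """Verify each NAT64 mapping entry against the RFC 6052 embedding.

    Each mapping is a dict with assumed keys 'inbound' (the IPv6 address the
    DA client sends to) and 'outbound' (the IPv4 address the translator should
    forward to). The result lists (inbound, outbound, consistent) per entry.
    """
    report = []
    for m in mappings:
        embedded = extract_ipv4(prefix, m["inbound"])
        report.append((m["inbound"], m["outbound"], embedded == m["outbound"]))
    return report


# Constructed sample mapping table: one consistent entry and one whose
# outbound IPv4 does not match the address embedded in the inbound IPv6.
SAMPLE_MAPPINGS = [
    {"inbound": synthesize_nat64(NAT64_PREFIX, "203.0.113.25"),
     "outbound": "203.0.113.25"},
    {"inbound": synthesize_nat64(NAT64_PREFIX, "203.0.113.40"),
     "outbound": "203.0.113.41"},
]

if __name__ == "__main__":
    for inbound, outbound, ok in check_mappings(NAT64_PREFIX, SAMPLE_MAPPINGS):
        status = "ok" if ok else "MISMATCH"
        print(f"{inbound} -> {outbound}: {status}")
```

If a destination reported by the capture falls outside the NAT64 prefix, `extract_ipv4` returns `None`, which tells you the packet was never a NAT64 translation candidate in the first place; if it is inside the prefix but the recovered IPv4 is not the DMZ host you expect, the DNS64 synthesis (or the prefix configured on the translator) is the place to look before investigating routing on the external adapter.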