Channel: Forefront Edge Security – DirectAccess, UAG and IAG Forum

DirectAccess - TCP open port not reachable


Hello,

I did a little experiment with my DirectAccess connectivity.

I have a laptop with DirectAccess connectivity enabled with my domain username.

I logged in to my laptop with my local administrator account. Thus, DirectAccess mounts the IPsec ESP tunnel infrastructure and it is possible to send DNS requests to my Intranet (even if I'm not authenticated with my domain account).

I realized I was able to netcat to the web servers (and more generally, to use netcat to connect to any open TCP port on the intranet). There are two things here that I do not understand.

- I know there are two DA servers in a DMZ. I guess the fact I am able to netcat where I want on the Intranet is due to a lack of firewalling. But is it, or is it just a consequence of the way DA works?

- Then, seeing that I could netcat to open ports, I tried to connect to the web server with my browser, but the connection timed out. I thought it was strange. I should mention that when querying the web server with a GET request in netcat, I only receive HTTP headers with a body length of 0. However, I do not understand why the browser query times out and the netcat one does not.

Thank you!

