In the past couple of months I did several sessions on Windows Server 2008 R2 and one of his great new features, DirectAccess. VPN technologies have one big disadvantage over DirectAccess, and that is that every time user has to start connection manually. Also, one of the questions is, why DirectAccess server need two consecutive public IP addresses. It is because computer account uses one to connect to DirectAccess server and it is used to manage computer from internal network and second IP address is used when user logs in and authenticates on Domain Controller of local network.
Can DirectAccess server be behind NAT? No. So, you can not put it behind ISA server. You can not install ISA on DirectAccess server since ISA is 32 bit application and it wouldn’t work on Windows Server 2008 R2. The solution will come in form of TMG, the new version of ISA server which has built in rules and protocols that support DirectAccess server feature in Windows Server 2008 R2.