PrepAway - Latest Free Exam Questions & Answers

Which firewall rules should you create for each type of…

Drag and Drop Question
You are deploying DirectAccess to a server named DA1. DA1 will be located behind a firewall and
will have a single network adapter. The intermediary network will be IPv4. You need to configure
the firewall to support DirectAccess. Which firewall rules should you create for each type of traffic? To
answer, drag the appropriate ports and protocols to the correct traffic types. Each port and protocol
may be used once, more than once, or not at all. You may need to drag the split bar between panes
or scroll to view content.


Answer:

6 Comments on “Which firewall rules should you create for each type of…

  1. aga says:

    Configure firewalls
    When using additional firewalls in your deployment, apply the following Internet-facing firewall exceptions for Remote Access traffic when the DirectAccess server is on the IPv4 Internet:
    Teredo traffic—User Datagram Protocol (UDP) destination port 3544 inbound, and UDP source port 3544 outbound.
    6to4 traffic—IP Protocol 41 inbound and outbound.
    IP-HTTPS—Transmission Control Protocol (TCP) destination port 443, and TCP source port 443 outbound. When the DirectAccess server has a single network adapter, and the network location server is on the DirectAccess server, then TCP port 62000 is also required.




  2. A says:

    If the DirectAccess server is behind an edge firewall, the following exceptions are required for Remote Access traffic when the DirectAccess server is on the IPv4 Internet:

    -Teredo traffic—User Datagram Protocol (UDP) destination port 3544 inbound, and UDP source port 3544 outbound.
    -6to4 traffic—IP Protocol 41 inbound and outbound.
    -IP-HTTPS—Transmission Control Protocol (TCP) destination port 443, and TCP source port 443 outbound.
    -If you are deploying Remote Access with a single network adapter, and installing the network location server on the DirectAccess server, TCP port 62000 should also be exempted.




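An added example, not part of the original page or its comments: a Python check that takes a firewall allow-list and reports which of the exceptions quoted in the comments above are not covered, including the case where an outbound rule matches destination port 443 instead of source port 443. The `Rule` tuple, the `audit` function and the sample rule set are hypothetical, and treating TCP 62000 as an inbound destination port is an assumption, since the comments give no direction for it.

```python
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    direction: str                   # "in" or "out", relative to the DirectAccess server
    protocol: str                    # "tcp", "udp", or an IP protocol number such as "41"
    dst_port: Optional[int] = None   # None means any port
    src_port: Optional[int] = None

# Exceptions listed in the comments for a DirectAccess server on the IPv4 Internet.
REQUIRED = {
    "Teredo":   [Rule("in", "udp", dst_port=3544), Rule("out", "udp", src_port=3544)],
    "6to4":     [Rule("in", "41"), Rule("out", "41")],
    "IP-HTTPS": [Rule("in", "tcp", dst_port=443), Rule("out", "tcp", src_port=443)],
}
# Assumption: 62000 is modelled as an inbound destination port (direction not on the page).
NLS_ON_DA = [Rule("in", "tcp", dst_port=62000)]

def covers(allow: Rule, need: Rule) -> bool:
    """True if an allow rule permits the needed traffic; a None port in the
    allow rule matches any port, a concrete port must match exactly."""
    if (allow.direction, allow.protocol.lower()) != (need.direction, need.protocol):
        return False
    return (allow.dst_port in (None, need.dst_port)
            and allow.src_port in (None, need.src_port))

def audit(rules, single_adapter_with_nls=False):
    """Return {traffic type: [required exceptions that no rule covers]}."""
    required = dict(REQUIRED)
    if single_adapter_with_nls:
        required["NLS on DirectAccess server"] = NLS_ON_DA
    gaps = {}
    for name, needs in required.items():
        missing = [n for n in needs if not any(covers(r, n) for r in rules)]
        if missing:
            gaps[name] = missing
    return gaps

# Constructed sample rule set (not from the page): the outbound IP-HTTPS rule
# wrongly matches destination port 443, and 6to4 is allowed inbound only.
SAMPLE = [
    Rule("in", "udp", dst_port=3544), Rule("out", "udp", src_port=3544),
    Rule("in", "41"),
    Rule("in", "tcp", dst_port=443), Rule("out", "tcp", dst_port=443),
]

if __name__ == "__main__":
    for name, missing in audit(SAMPLE, single_adapter_with_nls=True).items():
        for m in missing:
            print(f"{name}: no rule allows {m}")
```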
