I give demonstrations and help companies plan the implementation of DirectAccess almost every day, and this question seems to be one of the hardest to answer for everyone, so let's tackle it first. Many of you who are working with Server 2012 DirectAccess are coming with some experience of the previous iteration, Unified Access Gateway (UAG) DirectAccess.
In running DirectAccess through UAG, there was a hard requirement for the server to have two public IP addresses on the external network interface. These had to be true public, Internet IPv4 addresses, and they had to be consecutive. I have personally never had a customer here in the US who had any trouble coming up with the necessary addresses, but I have read that this was an issue for some folks out there, and so it makes sense that Microsoft would try to address this "blocker to implementation" and allow the DirectAccess server to be placed behind a NAT.
Before we talk in detail on this, I'd like to provide a little...