• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Can I reach internal hosts using an IP address over DirectAccess?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Forefront Unified Access Gateway 2010] >> DirectAccess >> Can I reach internal hosts using an IP address over DirectAccess? Page: [1]
Login
Message << Older Topic   Newer Topic >>
Can I reach internal hosts using an IP address over Dir... - 12.Jul.2010 11:04:48 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
That's a good question and the answer is yes.

However, there is a little more to it. As you know, the Name Resolution Policy Table (NRPT) is used to determine whether a connection should go through the DirectAccess tunnels or directly to the Internet. But what if you want to connect using an IP address? No problem! However, you will need to know the IPv6 address of the resource you want to connect to on the intranet. You can't use the IPv4 address because the DirectAccess client *always* uses IPv6 to communicate with the DirectAccess server.

You can test this out yourself quickly by doing a little test. First, find out the ISATAP address of a server on your intranet. Then open a command prompt and do a:

Net view \\IPv6_address_of_server

Bam! It worked.

However, the trick is to do the same thing with servers that are IPv4 only, since they don't have an IPv6 address. Do connect to these resources using an IP address, you need to be able to convert their IPv4 address to an IPv6 address, using the NAT64 algorithm.

Do you know how to do that? If so, then publish it by tomorrow and I'll send you a free copy of our new book!

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Post #: 1
RE: Can I reach internal hosts using an IP address over... - 12.Jul.2010 6:47:57 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Start with the DNS64 /96 bits prefix and then add the IPv4 address as the last 32 bits

I've got the book already, but keep the credit for one of the upoming Forefront books

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to tshinder)
Post #: 2
RE: Can I reach internal hosts using an IP address over... - 14.Jul.2010 10:57:34 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
That's right :)

OK, you've got a copy of the eBooks coming out!

BTW - I went through the procedure in the recent Edge Man post http://blogs.technet.com/b/tomshinder/archive/2010/07/14/considerations-when-using-ping-to-troubleshoot-directaccess-connectivity-issues.aspx?CommentPosted=true#commentmessage

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to Jason Jones)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Forefront Unified Access Gateway 2010] >> DirectAccess >> Can I reach internal hosts using an IP address over DirectAccess? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts