Welcome to ISAserver.org

Why Do I Need Two IP Public IP Addresses for DirectAccess

Why Do I Need Two IP Public IP Addresses for DirectAccess - 11.Mar.2010 9:34:30 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
I hear a lot of people ask why you need two public IP addresses to support DirectAccess.

The reason for this is that in order for Teredo to determine what type of NAT device the DA client is behind, it needs two public addresses on the Teredo server. Note that this is not required for the 6to4 and IP-HTTPS DA clients.

Teredo is the most common DA client configuration, with IP-HTTPS being far behind as the second most common configuration. In addition, IP-HTTPS doesn't perform nearly as well as Teredo, so you want to make sure you support Teredo as often as you can.

Thought you'd like to know :)

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Post #: 1
RE: Why Do I Need Two IP Public IP Addresses for Direct... - 11.Mar.2010 10:29:44 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Answering your own questions now???

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to tshinder)
Post #: 2
RE: Why Do I Need Two IP Public IP Addresses for Direct... - 11.Mar.2010 11:40:28 AM   
richardhicks

 

Posts: 477
Joined: 20.Jan.2009
From: Southern California
Status: offline
He talks to himself a lot, Jason.

_____________________________

Richard Hicks - Forefront MVP
http://tmgblog.richardhicks.com/
http://directaccess.richardhicks.com/

(in reply to Jason Jones)
Post #: 3
RE: Why Do I Need Two IP Public IP Addresses for Direct... - 11.Mar.2010 12:03:23 PM   
richardhicks

 

Posts: 477
Joined: 20.Jan.2009
From: Southern California
Status: offline
So why the requirement for consecutive IP addresses?

_____________________________

Richard Hicks - Forefront MVP
http://tmgblog.richardhicks.com/
http://directaccess.richardhicks.com/

(in reply to tshinder)
Post #: 4
RE: Why Do I Need Two IP Public IP Addresses for Direct... - 12.Mar.2010 7:58:42 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hey, if no one else is going to ask questions, someone is going to have to pick up the ball.

The two consecutive IP addresses requirement isn't in the RFC, but the Windows 7 client expects it. Why? I wasn't at that meeting :)

The second address is used to determine the type of NAT the client is behind. For the details, check out RFC 4380 at http://www.rfc-editor.org/rfc/rfc4380.txt

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to richardhicks)
Post #: 5
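
A simplified model of the RFC 4380 qualification procedure referenced in the post above, added here as an illustration (it is not code from the thread or from Microsoft). It shows how a reply from the server's second address separates cone, restricted and symmetric NATs, and what a client concludes when the server has only one address. The toy NAT model, the documentation-range addresses and all function names are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Nat:
    """Toy NAT (constructed model): kind is 'cone', 'restricted' or 'symmetric'."""
    kind: str
    public_ip: str = "198.51.100.7"          # constructed documentation address
    contacted: set = field(default_factory=set)
    ports: dict = field(default_factory=dict)

    def outbound(self, dst):
        """Client sends to dst; return the mapped (ip, port) the server sees."""
        self.contacted.add(dst)
        # A symmetric NAT allocates a new mapping per destination address.
        key = dst if self.kind == "symmetric" else "*"
        port = self.ports.setdefault(key, 40000 + len(self.ports))
        return (self.public_ip, port)

    def inbound_allowed(self, src):
        """Cone NATs pass any source; the others only sources already contacted."""
        return self.kind == "cone" or src in self.contacted

def solicit(nat, dst, other, cone_bit):
    """One Router Solicitation; returns the mapped address echoed in the
    reply, or None if the reply never reaches the client (timeout)."""
    mapped = nat.outbound(dst)
    # With the cone bit set, the server answers from its *other* address.
    reply_src = other if cone_bit else dst
    return mapped if nat.inbound_allowed(reply_src) else None

def qualify(kind, primary, secondary):
    """Run the client-side qualification against a fresh NAT of the given kind."""
    nat = Nat(kind)
    if solicit(nat, primary, secondary, cone_bit=True):
        return "cone"
    first = solicit(nat, primary, secondary, cone_bit=False)
    if first is None:
        return "unreachable"
    # Same mapping towards both server addresses means restricted, else symmetric.
    second = solicit(nat, secondary, primary, cone_bit=False)
    return "restricted" if second == first else "symmetric"

def consecutive(primary, secondary):
    """The extra check the thread attributes to the Windows 7 client."""
    return int(ipaddress.IPv4Address(secondary)) - int(ipaddress.IPv4Address(primary)) == 1

if __name__ == "__main__":
    for kind in ("cone", "restricted", "symmetric"):
        print(kind, "two addresses:", qualify(kind, "203.0.113.10", "203.0.113.11"),
              "| one address:", qualify(kind, "203.0.113.10", "203.0.113.10"))
```

With a single server address every reply comes from an address the client has already contacted, so restricted and symmetric NATs are both misreported as cone.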
RE: Why Do I Need Two IP Public IP Addresses for Direct... - 12.Mar.2010 8:04:42 PM   
richardhicks

 

Posts: 477
Joined: 20.Jan.2009
From: Southern California
Status: offline
Oh yes, I get that the second IP address is to determine what type of NAT the system is behind (I was at that meeting!) but I was always confused as to why it had to be consecutive. I don't expect this to be a problem for most organizations, although it might be for some. I'd think that if you, as the administrator, could specify which two IP addresses you wanted to use that would suffice.

_____________________________

Richard Hicks - Forefront MVP
http://tmgblog.richardhicks.com/
http://directaccess.richardhicks.com/

(in reply to tshinder)
Post #: 6
RE: Why Do I Need Two IP Public IP Addresses for Direct... - 13.Mar.2010 10:11:53 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
That's a good point. While for some people using two consecutive addresses isn't a problem, I can see how it might be easier for a lot of people if they could just use any two addresses.

I'll see if I can find out why the Windows 7 team decided that the client should look for two consecutive addresses, instead of any two addresses.

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to richardhicks)
Post #: 7
