• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

What's the deal with IPv6 ICMP traffic?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Forefront Unified Access Gateway 2010] >> DirectAccess >> What's the deal with IPv6 ICMP traffic? Page: [1]
Login
Message << Older Topic   Newer Topic >>
What's the deal with IPv6 ICMP traffic? - 3.May2010 10:44:45 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
The default configuration of DirectAccess allows ICMP traffic (ipv6 ping) to move between the DA client and DA server, as well as the internal network without IPsec protection. The reason for this is to make network issues easier to troubleshoot. The potential problem is that any IPv6 client can ping your internal network (there is some DoS protection). You might not like that. If so, you can disable this feature but you won't be able to use Teredo. That means you will only have IP-HTTPS and 6to4 available to use over the public IPv4 Internet. If that's not a problem for you, then check out http://technet.microsoft.com/en-us/library/ee649149(WS.10).aspx for more details on how to block the IPv6 ICMP traffic to the internal network. You'll have to use netsh to make some of the connection security rules, since the UI doesn't expose some of the options you'll need to use.
HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Post #: 1

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Forefront Unified Access Gateway 2010] >> DirectAccess >> What's the deal with IPv6 ICMP traffic? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts