What's the deal with IPv6 ICMP traffic?

tshinder -> What's the deal with IPv6 ICMP traffic? (3.May2010 10:44:45 AM)

The default configuration of DirectAccess allows ICMP traffic (IPv6 ping) to move between the DA client and DA server, as well as the internal network, without IPsec protection. The reason for this is to make network issues easier to troubleshoot. The potential problem is that any IPv6 client can ping your internal network (there is some DoS protection). You might not like that. If so, you can disable this feature, but you won't be able to use Teredo. That means you will only have IP-HTTPS and 6to4 available to use over the public IPv4 Internet. If that's not a problem for you, then check out http://technet.microsoft.com/en-us/library/ee649149(WS.10).aspx for more details on how to block the IPv6 ICMP traffic to the internal network. You'll have to use netsh to make some of the connection security rules, since the UI doesn't expose some of the options you'll need to use.
HTH,
Tom



