We have a strange behaviour of Windows 2008 servers in our network. It is dealing with IPv6 configuration.
We are deploying ForeFront UAG 2010 with SP1 with DirectAccess feature in IPv4 network infrastructure. So everything's going reasonably well, but one strange thing.
We are having ForeFront UAG 2010 with SP1 installed operating as ISATAP router and DNS64 and NAT64.
It is placed in DMZ. There is a firewall between it and all other corpnet.
So when a server in a corpnet is granted access to the ISATAP router, and has IPv6 enabled on an interface in Network Settings, everything's going fine. It receives an IPv6 address and starts using it as a default source address in its interoperation with the other network resources. Thus it is using the ISATAP router as a "router" to access other IPv6 servers and a "gateway" to interoperate with all other IPv4 servers.
When a server in a corpnet has !NO! IPv6 enabled in Network Settings, and DOES HAVE access to the ISATAP router, then it gets the IPv6 address from it and starts trying to interoperate with the other network resources using its IPv6 address as a default source address, but here it fails to send anything, because it has no IPv6 protocol enabled on an interface in Network Settings. This behaviour leads to unavailability of corpnet resources to the server.
Is it "by design" behaviour, or is this situation caused by design mistakes or so?
If you want to enable ISATAP for only a collection of management servers, then you can remove the ISATAP entry from DNS and put it in the HOSTS file of the management servers.
quote:
ORIGINAL: tshinder
If you want to enable ISATAP for only a collection of management servers, then you can remove the ISATAP entry from DNS and put it in the HOSTS file of the management servers.
I'll do a blog post on this in the near future.
Thanks! Tom
Yeah, I've done this recently.
Alternatively, you can use Group Policy to disable the ISATAP interface on all machines EXCEPT the management servers...
Thanks a lot for Your support. As I guess from above posts this behavior IS "by design", am I right? So would You be so kind to give me a hint of a correct key I am to change in group policy to disable ISATAP interface?
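The selective-ISATAP approach suggested in the replies above, as an added example that is not part of the original thread: a startup script that leaves ISATAP enabled only on named management servers and disables it everywhere else. The server names and the router name are placeholders, and the script uses the `netsh interface isatap` context directly rather than a Group Policy setting.

```powershell
# Added example; requires PowerShell 2.0 or later and an elevated session.
# Assumptions (placeholders, not values from the thread):
$ManagementServers = @('MGMT01', 'MGMT02')   # hosts allowed to use ISATAP
$IsatapRouter      = 'uag.corp.example'      # name of the UAG ISATAP router

$isManagement = $ManagementServers -contains $env:COMPUTERNAME

# Check whether the well-known name "isatap" still resolves from this host
# (via DNS or the HOSTS file). If it does, any host with ISATAP enabled
# will auto-configure a tunnel address from that router.
try {
    $resolved = [System.Net.Dns]::GetHostAddresses('isatap')
} catch {
    $resolved = @()
}

if ($isManagement) {
    # Management server: point ISATAP at the router explicitly and enable it.
    netsh interface isatap set router $IsatapRouter | Out-Null
    netsh interface isatap set state enabled | Out-Null
    Write-Output "ISATAP enabled, router set to $IsatapRouter"
} else {
    # Every other host: turn the ISATAP interface off so it never picks up
    # an IPv6 source address it cannot actually use.
    netsh interface isatap set state disabled | Out-Null
    Write-Output 'ISATAP disabled on this host'
    if ($resolved.Count -gt 0) {
        Write-Warning ("'isatap' still resolves to " +
            (($resolved | ForEach-Object { $_.ToString() }) -join ', ') +
            '; consider removing the DNS entry.')
    }
}

if ($LASTEXITCODE -ne 0) {
    Write-Warning "netsh returned exit code $LASTEXITCODE"
}

# Show the resulting configuration for the log.
netsh interface isatap show state
netsh interface isatap show router
```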