• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

IPv6 strange behaviour

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Forefront Unified Access Gateway 2010] >> DirectAccess >> IPv6 strange behaviour Page: [1]
Login
Message << Older Topic   Newer Topic >>
IPv6 strange behaviour - 19.Jan.2011 2:40:10 PM   
ilya7b6

 

Posts: 7
Joined: 14.Jan.2011
Status: offline
Hello dear friends.

We have a strange behaviour of
Windows 2008 servers servers in our network. It is dealing with IPv6 configuration.

We are deploying ForeFront UAG 2010 with SP1 with DirectAccess feature in IPv4 network infrastructure.
So  everything's going reasonably good, but one strange thing.

We are having ForeFront UAG 2010 with SP1 installed operating as ISATAP router and DNS64 and NAT64.

It is placed in DMZ. There is a firewall between it and all other corpnet.

So when a server in a corpnet is granted an access to the ISATAP router, and have IPv6 enabled on an interface in Network Settings,
everything's going fine. It receives an IPv6 address and starts using it as a default source address in its interoperation
with the other network resources. Thus it is using the ISATAP router as a "router" to access other IPv6 servers and a "gateway"
to interoperate with all other IPv4 servers.

When a server in a corpnet has !NO! IPv6 enabled in Network Settings, and DO HAS an access to the ISATAP router,
then it get the IPv6 address from it and starts trying to interoperate with the other network resources using its IPv6
address as a default source address, but here it fails to send anything, because it has no IPv6 protocol enabled on an interface in
Network Settings. This behaviour leeds to corpnet resources inavailability to the server.

Is it "by design" behaviour, or this situation is caused by design mistakes or so?

Thanks in advance for Your answer.


With respect and kind regards
Ilya Serov.
Post #: 1
RE: IPv6 strange behaviour - 20.Jan.2011 4:43:22 AM   
richflee25

 

Posts: 16
Joined: 2.Jun.2006
Status: offline
You could disable the ISATAP adpater on the servers having the problems it would then not configure itself with an ISATAP address.

(in reply to ilya7b6)
Post #: 2
RE: IPv6 strange behaviour - 25.Jan.2011 9:40:07 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
If you want to enable ISATAP for only a collection of management servers, then you can remove the ISATAP entry from DNS and put it in the HOSTS file of the management servers.

I'll do a blog post on this in the near future.

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to richflee25)
Post #: 3
RE: IPv6 strange behaviour - 26.Jan.2011 3:23:13 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
quote:

ORIGINAL: tshinder

If you want to enable ISATAP for only a collection of management servers, then you can remove the ISATAP entry from DNS and put it in the HOSTS file of the management servers.

I'll do a blog post on this in the near future.

Thanks!
Tom


Yeah, I've done this recently.

Alternatively, you can use Group Policy to disable the ISATAP interface on all machines EXCEPT the management servers...

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to tshinder)
Post #: 4
RE: IPv6 strange behaviour - 26.Jan.2011 7:57:27 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Good point Jason, and if you have more than a couple of management servers, I agree that Group Policy is the more managable and scalable solution.

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to Jason Jones)
Post #: 5
RE: IPv6 strange behaviour - 31.Jan.2011 3:37:28 AM   
ilya7b6

 

Posts: 7
Joined: 14.Jan.2011
Status: offline
Hi, dear friends.

Thanks a lot for Your support. As I guess from above posts this behavior IS "by design", am I right?
So would You be so kind to give me a hint of a correct key I am to change in group policy to disable ISATAP interface?

Thanks in advance.

With respect and kind regards.
Ilya Serov.

(in reply to tshinder)
Post #: 6
RE: IPv6 strange behaviour - 31.Jan.2011 7:22:01 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
http://forums.isaserver.org/m_2002105513/mpage_1/key_/tm.htm#2002106450

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to ilya7b6)
Post #: 7
RE: IPv6 strange behaviour - 1.Feb.2011 7:00:52 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to Jason Jones)
Post #: 8
RE: IPv6 strange behaviour - 6.Aug.2011 4:48:23 AM   
wangyin

 

Posts: 5
Joined: 6.Aug.2011
Status: offline
If you desire to allow ISATAP for only a choice of therapy servers, then you certainly can remove the ISATAP entry from DNS and place it all through the HOSTS document belonging using the therapy servers.

_____________________________

Cheap Gucci Shoes|Cheap Gucci Boots|Gucci Designer Shoes

(in reply to tshinder)
Post #: 9
RE: IPv6 strange behaviour - 7.Dec.2012 2:02:28 AM   
luckydog

 

Posts: 3
Joined: 7.Dec.2012
Status: offline
We are deploying ForeFront UAG 2010 with SP1 with DirectAccess feature in IPv4 network infrastructure.
So  everything's going reasonably good, but one strange thing.

We are having ForeFront UAG 2010 with SP1 installed operating as ISATAP router and DNS64 and NAT64.

It is placed in DMZ. There is a firewall between it and all other corpnet.

So when a server in a corpnet is granted an access to the ISATAP router, and have IPv6 enabled on an interface in Network Settings,
everything's going fine. It receives an IPv6 address and starts using it as a default source address in its interoperation
with the other network resources. Thus it is using the ISATAP router as a "router" to access other IPv6 servers and a "gateway"
to interoperate with all other IPv4 servers.










































































































































_______________________________________________________________________

______________
Tablette PC


Tablette Android



(in reply to wangyin)
Post #: 10

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Forefront Unified Access Gateway 2010] >> DirectAccess >> IPv6 strange behaviour Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts