IPv6 strange behaviour (Full Version)

All Forums >> [Forefront Unified Access Gateway 2010] >> DirectAccess



Message


ilya7b6 -> IPv6 strange behaviour (19.Jan.2011 2:40:10 PM)

Hello dear friends.

We have a strange behaviour of
Windows 2008 servers servers in our network. It is dealing with IPv6 configuration.

We are deploying ForeFront UAG 2010 with SP1 with DirectAccess feature in IPv4 network infrastructure.
So  everything's going reasonably good, but one strange thing.

We are having ForeFront UAG 2010 with SP1 installed operating as ISATAP router and DNS64 and NAT64.

It is placed in DMZ. There is a firewall between it and all other corpnet.

So when a server in a corpnet is granted an access to the ISATAP router, and have IPv6 enabled on an interface in Network Settings,
everything's going fine. It receives an IPv6 address and starts using it as a default source address in its interoperation
with the other network resources. Thus it is using the ISATAP router as a "router" to access other IPv6 servers and a "gateway"
to interoperate with all other IPv4 servers.

When a server in a corpnet has !NO! IPv6 enabled in Network Settings, and DO HAS an access to the ISATAP router,
then it get the IPv6 address from it and starts trying to interoperate with the other network resources using its IPv6
address as a default source address, but here it fails to send anything, because it has no IPv6 protocol enabled on an interface in
Network Settings. This behaviour leeds to corpnet resources inavailability to the server.

Is it "by design" behaviour, or this situation is caused by design mistakes or so?

Thanks in advance for Your answer.


With respect and kind regards
Ilya Serov.




richflee25 -> RE: IPv6 strange behaviour (20.Jan.2011 4:43:22 AM)

You could disable the ISATAP adpater on the servers having the problems it would then not configure itself with an ISATAP address.




tshinder -> RE: IPv6 strange behaviour (25.Jan.2011 9:40:07 AM)

If you want to enable ISATAP for only a collection of management servers, then you can remove the ISATAP entry from DNS and put it in the HOSTS file of the management servers.

I'll do a blog post on this in the near future.

Thanks!
Tom




Jason Jones -> RE: IPv6 strange behaviour (26.Jan.2011 3:23:13 AM)

quote:

ORIGINAL: tshinder

If you want to enable ISATAP for only a collection of management servers, then you can remove the ISATAP entry from DNS and put it in the HOSTS file of the management servers.

I'll do a blog post on this in the near future.

Thanks!
Tom


Yeah, I've done this recently.

Alternatively, you can use Group Policy to disable the ISATAP interface on all machines EXCEPT the management servers...

Cheers

JJ




tshinder -> RE: IPv6 strange behaviour (26.Jan.2011 7:57:27 AM)

Good point Jason, and if you have more than a couple of management servers, I agree that Group Policy is the more managable and scalable solution.

Thanks!
Tom




ilya7b6 -> RE: IPv6 strange behaviour (31.Jan.2011 3:37:28 AM)

Hi, dear friends.

Thanks a lot for Your support. As I guess from above posts this behavior IS "by design", am I right?
So would You be so kind to give me a hint of a correct key I am to change in group policy to disable ISATAP interface?

Thanks in advance.

With respect and kind regards.
Ilya Serov.




Jason Jones -> RE: IPv6 strange behaviour (31.Jan.2011 7:22:01 AM)

http://forums.isaserver.org/m_2002105513/mpage_1/key_/tm.htm#2002106450




tshinder -> RE: IPv6 strange behaviour (1.Feb.2011 7:00:52 AM)

Thanks!
Tom




wangyin -> RE: IPv6 strange behaviour (6.Aug.2011 4:48:23 AM)

If you desire to allow ISATAP for only a choice of therapy servers, then you certainly can remove the ISATAP entry from DNS and place it all through the HOSTS document belonging using the therapy servers.




luckydog -> RE: IPv6 strange behaviour (7.Dec.2012 2:02:28 AM)

We are deploying ForeFront UAG 2010 with SP1 with DirectAccess feature in IPv4 network infrastructure.
So  everything's going reasonably good, but one strange thing.

We are having ForeFront UAG 2010 with SP1 installed operating as ISATAP router and DNS64 and NAT64.

It is placed in DMZ. There is a firewall between it and all other corpnet.

So when a server in a corpnet is granted an access to the ISATAP router, and have IPv6 enabled on an interface in Network Settings,
everything's going fine. It receives an IPv6 address and starts using it as a default source address in its interoperation
with the other network resources. Thus it is using the ISATAP router as a "router" to access other IPv6 servers and a "gateway"
to interoperate with all other IPv4 servers.










































































































































_______________________________________________________________________

______________
Tablette PC


Tablette Android






kanwalatif148@gmail. -> RE: IPv6 strange behaviour (27.Feb.2015 11:49:36 PM)

I've posted this in our Microsoft Partner forums but the engineer said UAG is currently not supported there so I hope someone else might be able to help here:

I've been running into an issue while generating the policies at the end of configuring UAG. It appears to be a certificate issue and I've tried changing the:

"Browse and select a root or intermediate certificate that verifies certificates sent by DirectAccess clients."

to:

1. Use root certificate

2. Use intermediate certificate

but both throw an error while generating th[:'(][:@][;)][:D]





_____________________
عاطف رضا




Page: [1]