none
Can you have two UAG instances and two ISATAP routers?

    Pertanyaan

  • Hi all,

    We are trying to create two UAG Direct Access solutions in the same domain but are having some problems with what i believe is ISATAP.

    The first UAG instance works fine, ISATAP entry in DNS and able to access all internal resources and 'manage out'. However with the second instance we have homed the group policies to a particular test OU for now and am able to connect through it for most things except 2008 file shares. We can ping the servers fine through the DA client which resolves to the IPv6 address but when trying to UNC to them for file share access it fails.

    I think it is because the servers on the internal network are using the other instance of UAG as their ISATAP router but cant fully get my head around where the issue is. I tried following JJ's blog: http://blog.msedge.org.uk/2011/11/limiting-isatap-services-to-uag.html to use a custom ISATAP router on my test client but with no luck.

    Any help/guidence would be much appreciated :)

    Ash

    23 Februari 2012 13:43

Jawaban

  • Another useful quote:

    Our solution focuses on using ISATAP and creating a single ISATAP cloud that spans all IPv4 subnets on the intranet. To do this, we need to deploy an ISATAP router at each site that has a UAG DirectAccess server or array. That ISATAP router needs to be on-link with the UAG DirectAccess server or array and needs to be assigned a native IPv6 address that is used to communicate to another IPv6 address that is configured on the UAG DirectAccess server or array.


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk

    • Ditandai sebagai Jawaban oleh Ashley Moore 23 Februari 2012 17:39
    23 Februari 2012 16:28
    Moderator

Semua Balasan

  • If you have multiple UAG instances (not in the same array), I think you need to move the ISATAP router off box and have one at each location. This is a quote from one of Tom's old articles: 

    Our solution focuses on using ISATAP and creating a single ISATAP cloud that spans all IPv4 subnets on the intranet. To do this, we need to deploy an ISATAP router at each site that has a UAG DirectAccess server or array. That ISATAP router needs to be on-link with the UAG DirectAccess server or array and needs to be assigned a native IPv6 address that is used to communicate to another IPv6 address that is configured on the UAG DirectAccess server or array.


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk

    23 Februari 2012 16:08
    Moderator
  • P.S. Some of Tom's articles have now been removed from his Edge blog, but I have some offline copies if you want email me (Rich has my address) I can forward them on... ;)

    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk

    23 Februari 2012 16:13
    Moderator
  • Another useful quote:

    Our solution focuses on using ISATAP and creating a single ISATAP cloud that spans all IPv4 subnets on the intranet. To do this, we need to deploy an ISATAP router at each site that has a UAG DirectAccess server or array. That ISATAP router needs to be on-link with the UAG DirectAccess server or array and needs to be assigned a native IPv6 address that is used to communicate to another IPv6 address that is configured on the UAG DirectAccess server or array.


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk

    • Ditandai sebagai Jawaban oleh Ashley Moore 23 Februari 2012 17:39
    23 Februari 2012 16:28
    Moderator
  • Thanks JJ for the offline files, I think i understand now why it was so difficult to find documentation on this!
    23 Februari 2012 17:40