IPv6 Transition Protocols with Direct Access

  • Question

  • We're rolling out a pilot for UAG Direct Access on our IPv4 network. I'm trying to understand what protocols the clients will be using on the remote end, or how I should go about deciding which are the best fit for our environment.

    I know from this forum that IPv6 transitional protocols for DA clients include ISATAP, Teredo, IP-HTTPS, and 6to4. But not sure which ones to use when. I know that some of the public documents say that IP-HTTPS should be used as a last resort. Want to have this nailed down before deployment.

    Thanks, Bill

    Monday, March 5, 2012 1:44 AM

Answers

  • Hi

    Client computer will use transition protocols depending on network condition. For this reason your UAG box must accept 6TO4, Teredo and IPHTTPS. Consider that 6TO4 is to be used only in a very limited set of situations because it requires a public IPV4 address on the client-side.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    • Marked as answer by Beachnut_ Monday, March 5, 2012 9:13 PM
    Monday, March 5, 2012 6:17 AM

All replies

  • Thanks BenoitS ... that makes sense.

    We will make sure that our UAG box accepts 6to4, Teredo, and IPHTTPS. I see from another TechNet article that the DA client will try to connect in a preferred order beginning with native IPv6, followed by 6to4 if the client has a public IPv4 address (unlikely), then over Teredo if the client is behind NAT with an IPv4 private address, and finally fall back to IPHTTPS if the first three are not possible.

    Unfortunately our ORG wants to block split-tunneling, so guess we're forced to use IPHTTPS. :(

    Thanks again, Bill


    Bill nash

    Monday, March 5, 2012 9:13 PM
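
The preference order described in the reply above, written out as a simplified model (an added example, not part of the thread and not the Windows client's own selection logic). The `ClientNetwork` fields, the outbound-filter flags and the sample addresses are assumptions constructed for illustration; the transports are the standard ones for each protocol (IP protocol 41 for 6to4, UDP 3544 for Teredo, TCP 443 for IP-HTTPS).

```python
import ipaddress
from dataclasses import dataclass

# RFC 1918 ranges plus RFC 6598 carrier-grade NAT space: a client holding one
# of these addresses sits behind a NAT and cannot use 6to4.
NATTED = [ipaddress.ip_network(n) for n in
          ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

@dataclass
class ClientNetwork:               # hypothetical description of the remote network
    ipv4: str                      # address assigned to the client's interface
    native_ipv6: bool = False      # globally routable IPv6 already available
    proto41_out: bool = True       # IP protocol 41 allowed outbound (6to4)
    udp3544_out: bool = True       # UDP 3544 allowed outbound (Teredo)
    tcp443_out: bool = True        # TCP 443 allowed outbound (IP-HTTPS)

def behind_nat(ipv4: str) -> bool:
    addr = ipaddress.ip_address(ipv4)
    return any(addr in net for net in NATTED)

def select_transition(c: ClientNetwork) -> str:
    """Walk the preference order from the thread and return the first fit."""
    if c.native_ipv6:
        return "native IPv6"
    if not behind_nat(c.ipv4) and c.proto41_out:
        return "6to4"              # needs a public IPv4 address on the client
    if behind_nat(c.ipv4) and c.udp3544_out:
        return "Teredo"            # private address behind NAT
    if c.tcp443_out:
        return "IP-HTTPS"          # last resort, tunnelled inside HTTPS
    return "no connectivity"

# Constructed scenarios; 203.0.113.5 is a documentation address standing in
# for a public one.
SCENARIOS = {
    "home router (NAT)": ClientNetwork("192.168.1.20"),
    "hotel, UDP filtered": ClientNetwork("10.20.30.40", udp3544_out=False),
    "public address": ClientNetwork("203.0.113.5"),
    "ISP with IPv6": ClientNetwork("192.168.1.20", native_ipv6=True),
}

if __name__ == "__main__":
    for name, net in SCENARIOS.items():
        print(f"{name:22} -> {select_transition(net)}")
```

The second scenario is why the UAG server has to accept all three protocols: the network the client happens to be on, not the client configuration, decides which tunnel comes up.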