locked
UAG/DA traffic from the INSIDE to the outside client denied! RRS feed

  • Question

  • So, using teredo with UAG and DirectAccess.

    My DA Client can access the domain controller (ping and rdp and cifs). However the domain controller can't "reach" the client. Even a simple ping is stopped... 

    The way I understand it is this should be allowed? Doing a ping from the server I get an error in the Forefront TMG:

    "A packet was dropped because its hop limit or time-to-live limit was execeeded."

    Does this mean TMG has an unexpected high demand for TTL? Can I lower that requirement?

    When I do a net view \\client I see no errors in the TMG - and the server eventually just times out...

    On the DA client I can see ICMPv6 Echo requests coming from the domain controller/server but I see no attempts of it attempting to reply (we've ofcourse allowed all kinds of ICMP in the Windows firewall) and pinging the IPv4 address of the DA client from the server works just fine... (the client is on a public IPv4 network, not rfc1918 so there's no NAT inbetween).

    Any tips!?

    • Edited by gojensen Wednesday, December 21, 2011 11:15 PM
    Wednesday, December 21, 2011 10:59 PM

All replies