UAG DA not working in a natively connected environment

  • Question

  • Hi,
    I need to deploy UAG DA for a partner workshop and a large German IPv6 presentation. But it doesn't work completely (at all).

    I've got a native IPv6 address in my internal network (just a /64). The UAG isn't the router for the network. Let's try some ASCII art:

    ---> ROUTER1 <----> ROUTER2 ----- intranet
            <----> (IPv6 /60) <----> (IPv6 /64)
            <----> (IPv4 /28) <----> (private IPv4)

    The UAG is in parallel to the ROUTER2, but doesn't advertise any routes through it. All traffic is routed by the ROUTER2. But I can ping with a Teredo client through the UAG DA to an internal resource.

    Name resolution works fine, even if I disable dnscache. I can ping all the internal servers. I can see the incoming connection, e.g. an RDP session, on the target host in the resource monitor. But the connection isn't established properly.

    Would be nice to have someone here, to investigate my issues.

    Thanks

    Stefan
    Wednesday, March 3, 2010 8:52 PM

All replies

  • Could you have an asymmetric request/response path because UAG is not the gateway?

    Tom
    MS ISDUA/UAG DA Anywhere Access Team
    Thursday, March 4, 2010 5:43 PM
  • Hi Tom,

    this is more than possible. But on ROUTER2 I placed a route for 2001::40be:9793:0:0:0:0 /64 to 2a01:120:9003:18::189, which is the internal IP of the UAG.

    Does all Teredo-traffic run through UAG?

    Stefan
    Thursday, March 4, 2010 10:08 PM
  • Hi Stefan,

    Yes, I believe so. That might be the problem. I'll have to confirm though.

    Tom
    MS ISDUA/UAG DA Anywhere Access Team
    Friday, March 5, 2010 1:54 PM
  • Maybe you need a less specific route using 2001::/32?

    Cheers

    JJ
    Jason Jones | Forefront MVP | Silversands Ltd
    • Marked as answer by Erez Benari Thursday, March 18, 2010 11:27 PM
    Friday, March 5, 2010 2:51 PM
  • Hi all,

    That's it! I had to place a route on all the internal IPv6 routers to pass all traffic for my 2001:0:AABB:CCDD::/64 or, more universally, 2001::/32 to the internal IPv6 address of my UAG.

    One important thing: in IPv6 you have to specify the next hop! In IPv4 it was enough to tell the router about the target IP address, and if it was able to find an entry in the routing table, it passed the packet to its destination. This doesn't work in IPv6. So either you use a proper routing protocol or you guide the packet hop by hop.

    Hope that helps - for me everything is fine.

    Best regards

    Stefan

    Monday, March 22, 2010 8:31 AM
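As an added illustration of the fix described in the post above (not code from any poster or from Microsoft): a check that each internal router's longest-prefix match sends replies for a Teredo client back to the UAG's internal address instead of out the default route. The UAG address and the /64 are the ones quoted in the thread; ROUTER3, the fe80:: next hops and the client address are constructed for the example.

```python
import ipaddress

UAG_INTERNAL = ipaddress.ip_address("2a01:120:9003:18::189")  # UAG internal IPv6 (from the thread)
TEREDO = ipaddress.ip_network("2001::/32")                    # Teredo service prefix

# Constructed static routes per internal router: (destination prefix, next hop).
# ROUTER3 and the fe80:: next hops are made up for this example.
TABLES = {
    "ROUTER2": [("::/0", "fe80::1"),
                ("2001:0:40be:9793::/64", "2a01:120:9003:18::189")],
    "ROUTER3": [("::/0", "fe80::2")],
}
CLIENT = "2001:0:40be:9793:8000:f227:3f57:fefe"  # constructed Teredo client address


def teredo_server_prefix(client):
    """Return the /64 (2001:0:<Teredo server IPv4>::/64) a client address sits in."""
    addr = ipaddress.ip_address(client)
    if addr not in TEREDO:
        raise ValueError(f"{client} is not a Teredo address")
    return ipaddress.ip_network(((int(addr) >> 64) << 64, 64))


def next_hop(routes, dest):
    """Longest-prefix match of dest against a router's static routes."""
    dest = ipaddress.ip_address(dest)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ipaddress.ip_address(hop))
    return best[1] if best else None


def routers_bypassing_uag(tables, client):
    """Names of routers whose reply to the client would not go via the UAG."""
    return sorted(name for name, routes in tables.items()
                  if next_hop(routes, client) != UAG_INTERNAL)


if __name__ == "__main__":
    print("client prefix:", teredo_server_prefix(CLIENT))
    print("bypassing UAG:", routers_bypassing_uag(TABLES, CLIENT))
```

Any router the check names would send return traffic along a different path than the request took, which is the asymmetric request/response path raised earlier in the thread.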
  • Hi Stefan,

    Great! Good to hear that was the solution.

    Let us know how the presentation goes for you!

    Tom

    Monday, March 22, 2010 10:44 AM