locked
UAG DA : configure without IPv4 at all? RRS feed

  • Question

  • Can UAG DA be configured without any IPv4 addressing what so ever?

    (obviously this would limit client options, but that isn't the current concern)
    Friday, May 14, 2010 5:01 PM

Answers

  • There is no way to achieve that using UAG DA.

    What might work is if you configure those required IPv4 addresses, but those addresses won't be routeable anywhere.

    Just make up a couple of addresses for external and an address for internal.

    • Marked as answer by Erez Benari Wednesday, May 19, 2010 11:40 PM
    Tuesday, May 18, 2010 9:12 AM

All replies

  • I dont't think so. UAG us TMG and TMG anly support IPv4. So no IPv4 no TMG. No TMG no UAG. TMG/UAG only support IPv6 voor DA.
    Martijn B.
    Friday, May 14, 2010 8:14 PM
  • I would only be interested in using the TMG/UAG for the DA ability. I do agree restricting the DA server to use only native IPv6 on the external interface would stop remote clients from being able to use IPHTTPS and TEREDO and 6to4, but that's acceptible. I want to make native IPv6 the only option for remote clients wanting to access the internal resources. 

    The question is whether or not UAG DA can be configured with only a native IPv6 external interface to allow authenticated remote native IPv6 clients to access the internal resources?

    Friday, May 14, 2010 9:18 PM
  • This is possible, but I believe there is no official guidance for it at this time...

    http://social.technet.microsoft.com/Forums/en/forefrontedgeiag/thread/b286b1a6-2e21-4047-9979-1805aaa708d5

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Saturday, May 15, 2010 12:43 AM
  • Will the cliients be connecting only from the IPv6 Internet?

    Thanks!

    Tom


    MS ISDUA/UAG DA Anywhere Access Team
    Monday, May 17, 2010 2:15 PM
  • Yes, the clients would only be using the IPv6 internet or only clients that can access the IPv6 internet are intended to have access to the UAG DA server for remote access.

    UAG DA just seems insistent on the two consecutive routable IPv4 addresses for teredo detection of NAT configuration even though I do not intend to use Teredo at all.
    Monday, May 17, 2010 4:23 PM
  • There is no way to achieve that using UAG DA.

    What might work is if you configure those required IPv4 addresses, but those addresses won't be routeable anywhere.

    Just make up a couple of addresses for external and an address for internal.

    • Marked as answer by Erez Benari Wednesday, May 19, 2010 11:40 PM
    Tuesday, May 18, 2010 9:12 AM
  • . . . that is kind of sad, but I guess it'll have to do.
    Tuesday, May 18, 2010 3:50 PM