ManageOut with BIG-IP design RRS feed

  • Question

  • Hi, I have setup a single Win2012 DA server with Win7 Clients and it works pretty good.

    Now the plan is to add a second server with BIG-IP as the external load balancer. I have 2 questions about this.

    1. For ManageOut-enabled Clients (typical Helpdesk computers), I understand that they need native IPv6. If I understand correctly, those ManageOut Clients, they need to have an IPv6 address in the same range as the DA servers. The DA server (and the internal network) initially did not have any IPv6 address and the DA wizard created automatically an fdf1: address with a /64 prefix. My plan was to add IPv6 addresses in the same range to MangeOut Clients. But according to documentation, if you use an external load balancer, you need to change to a /59 prefix.

    Does the "Enable load balancing" wizard in Remote Access do this automatically?

    2. In order for ManageOut to be redundant, I believe I have to make the IPv6 default gateway on the ManageOut Clients to the VIP Interface of BIG-IP, am I correct?

    Tuesday, February 3, 2015 9:19 AM

All replies

  • Hi,

    About the /59, I would say Yes but I can't remember.
    Maybe I changed it before moving to NLB.

    For the rest, you created a IPv4 DirectAccess infrastructure and now have NAT64 IPv6 addresses for your clients.
    For me, the manage-out scenario should be ISATAP but it is not supported (and disabled in the server's firewalls) if you implement a NLB Cluster with this configuration.

    The good way should be to reinstall your infrastructure with IPv6 connectivity between the DirectAccess servers and your internal infrastructure.
    With this configuration, you can use an internal F5 Big-IP for Manage-out.


    Tuesday, February 3, 2015 2:11 PM