DirectAccess Default Route RRS feed

  • Question

  • Hi,

    Total beginner to DA and just trying to get my head around the documentation before I do a test deployment.

    We have a v6 native network (but v4 is still in use too) and according to the planning guide under the v6 native section it says that "you must modify your IPv6 routing so that default route traffic is forwarded to the Forefront UAG DirectAccess server". Does this mean that the DA server must sit on my org's default route or is it just meant to imply that the v6 client addresses subnet (/56 to /64 subset of the org's /48) needs to be routed to the DA server?






    Friday, November 26, 2010 4:00 PM


All replies

  • Based upon my understanding, you need to ensure that traffic for DA clients will have a return path back via UAG as opposed to following the existing IPv6 default route. Each of the DA client types (Teredo, 6to4 and IP-HTTPS) should have a defineable route you can use.



    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: and
    Friday, November 26, 2010 4:45 PM
  • Jason is right.

    Routing only the IP-HTTPS (/56-/64) subnet to the UAG-DA server is not enough.

    You can also have teredo, 6to4 and native IPv6 clients, which have different prefixes.

    Teredo -> 2001:0::/32

    6to4 - 2002::/16

    Native IPv6 - ::/0

    If you want to be able to support all of these types of clients, then your DA server will have to sit on your org's default route to the internet.

    Sunday, November 28, 2010 5:59 PM
  • Good info.



    MS ISDUA/UAG DA Anywhere Access Team Get yourself some Test Lab Guides!
    Wednesday, December 1, 2010 3:28 PM
  • Much obliged, apologies for not chipping in earlier, email alerts appeared to be broken so I never got informed of your replies.
    Thursday, February 10, 2011 1:57 PM
  • Hi Alex,

    You bet! Hope this helps!


    MS ISDUA/UAG DA Anywhere Access Team Get yourself some Test Lab Guides!
    Tuesday, February 15, 2011 12:49 PM