UAG DirectAccess and Verizon

  • Question

  • I have successfully set up UAG DirectAccess. Several clients are able to use it to connect to internal resources via both 6to4 and Teredo. I have one client, though, that is having a problem. When he is using Teredo, he can connect just fine. When he uses 6to4 via Speakeasy he can connect just fine. When he uses 6to4 via Verizon, however, he cannot connect. I've noticed that when he connects to Verizon, his default gateway on the IPv4 interface is set to 0.0.0.0. So far that's the only odd thing I've found. Has anyone run into a similar problem?
    Monday, January 4, 2010 10:42 PM

All replies

  • When using Verizon, does IP-HTTPS and Teredo work?

    Thanks!
    Tom
    MS ISDUA
    Friday, January 8, 2010 2:46 PM
  • How would I test those? The user has an onboard Verizon card so he's not behind a NAT.
    Saturday, January 9, 2010 11:52 PM
  • You can test whether Teredo works with the following command: netsh int teredo set state enterpriseclient
    and disable 6to4 with this command: netsh int 6to4 set state disable

    When you're done verifying if Teredo works, revert the states by running: netsh int teredo set state default & netsh int 6to4 set state default
    Also, did you configure IP-HTTPS? IP-HTTPS should work when 6to4 can't provide IPv6 connectivity for any reason.

    Make sure you issued a proper IP-HTTPS certificate that meets all the requirements, and that the IP-HTTPS URL is registered on the Internet DNS servers.
    • Marked as answer by Erez Benari Tuesday, January 12, 2010 8:03 PM
    Sunday, January 10, 2010 9:58 AM
  • I disabled 6to4 and changed Teredo to enterpriseclient. That worked. After reverting back to the default state for both interfaces, the client does not work. Does this offer any insight into why 6to4 isn't working?

    I don't have IP-HTTPS configured yet.

    Tuesday, January 12, 2010 9:13 PM
  • So, when Teredo is enabled, do you get a Teredo address?

    When 6to4 is enabled, do you get a 6to4 address?

    The Teredo adapter should come up only when you're behind a NAT device.
    The 6to4 adapter should come up only when you have a public IP address on the client.

    Tom
    MS ISDUA
    Saturday, January 16, 2010 5:33 PM
  • Did you ever resolve this?  I'm having the same issue with my Verizon Aircard users.
    Wednesday, June 22, 2011 4:23 PM
  • The issue was resolved. As I recall, it seemed that Verizon either made a change to their network or updated firmware and/or drivers and that fixed the problem.
    Wednesday, June 22, 2011 4:51 PM
  • I have roughly 35-40 of the VL600 Verizon Aircards with this issue. All have updated firmware and drivers. I have been able to connect at least a couple of these machines to a MiFi device and was able to connect them via DA.

    Any thoughts?

    Rich

    Tuesday, January 17, 2012 2:59 PM
  • It is pretty common for 6to4 and cell cards not to get along. My understanding is that basically the carrier allows enough communication so that 6to4 gets an IP address and the client "thinks" it's connected, but then the carrier blocks Protocol 41 traffic and so DA doesn't work. To resolve this, I recommend disabling 6to4 on your clients altogether. You can either do this manually with the netsh interface 6to4 set state disabled command, or create a GPO that disables it for all of your DA client machines. This causes DA to connect using Teredo instead, which seems to work fine over cell cards.

    One other possibility that I have seen more recently is that the aircards might be issuing the client machine a native IPv6 address on the internet. I have seen this break DirectAccess numerous times as well. In these cases, the easiest fix is to disable the aircard from assigning an IPv6 address. Usually there is an "IPv6" checkbox inside the software configuration for the aircard somewhere, simply uncheck that box and then the client will stop receiving an IPv6 address, and then DirectAccess works great.

    Thursday, January 19, 2012 4:09 PM
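
The address checks raised in this thread (does the client hold a 6to4, Teredo or native IPv6 address?), as an added example that is not part of the original thread. It classifies addresses copied from ipconfig by RFC prefix only and does not look at which adapter holds them; the function names, the advice strings and the sample addresses are constructed for illustration.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.ip_network("2002::/16")    # RFC 3056 6to4 prefix
TEREDO = ipaddress.ip_network("2001::/32")         # RFC 4380 Teredo prefix
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")  # anything else global = native

def classify(addr):
    """Return (kind, detail) for one IPv6 address string from ipconfig."""
    ip = ipaddress.IPv6Address(addr.split("%")[0])  # drop a zone id such as %12
    if ip in SIX_TO_FOUR:
        # Bits 16..47 of a 6to4 address carry the client's public IPv4 address.
        return "6to4", str(ip.sixtofour)
    if ip in TEREDO:
        server, mapped = ip.teredo  # Teredo server and NAT-mapped client IPv4
        return "teredo", f"server={server} mapped={mapped}"
    if ip.is_link_local:
        return "link-local", ""
    if ip in GLOBAL_UNICAST:
        return "native", ""
    return "other", ""

def diagnose(addresses):
    """Map the set of address kinds to the advice given in the thread."""
    kinds = {classify(a)[0] for a in addresses}
    if "native" in kinds:
        return "native: carrier assigned IPv6; disable IPv6 in the aircard software"
    if "6to4" in kinds:
        return "6to4: if DA fails, Protocol 41 may be blocked; disable 6to4"
    if "teredo" in kinds:
        return "teredo: Teredo is in use"
    return "none: no IPv6 transition address present"

# Constructed sample addresses (documentation ranges, not real clients).
SAMPLE_6TO4 = ["fe80::1%12", "2002:c000:201::c000:201"]
SAMPLE_TEREDO = ["2001:0:4136:e378:8000:63bf:3fff:fdd2"]
SAMPLE_NATIVE = ["2001:db8::1", "2002:c000:201::c000:201"]

if __name__ == "__main__":
    for name, sample in [("6to4", SAMPLE_6TO4), ("teredo", SAMPLE_TEREDO),
                         ("native", SAMPLE_NATIVE)]:
        for a in sample:
            print(name, a, classify(a))
        print("  ->", diagnose(sample))
```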