locked
Transition Mode - Web Monitor RRS feed

  • Question

  • Hi

    I have been running DirectAccess for a few months now and everything appears to be working fine. When viewing clients in the Web Monitor I have seen the following transition modes displayed: Teredo, IP-HTTPS and 6to4. The strange thing is today I have seen a different transition mode listed and I cant find any information on it and was wondering if someone could help.

    The client has a infrastructure tunnel active and it is showing the Transition Mode as Native. Now I have not seen this listed before and was wondering what this means and in what situation this would occur. Also their IPv6 Source Address starts 2602:306 and again is not something I have seen before.

    Any assistance anyone can provide would be appreciated.

    Wednesday, November 21, 2012 5:59 PM

All replies

  • I would say that the client has a native IPv6 address assigned to it.

    It will still tunnel the traffic using IPv4 but no transition technology is required. See:

    http://blogs.technet.com/b/tomshinder/archive/2011/03/23/uag-directaccess-and-the-ipv6-internet.aspx


    Hth, Anders Janson Enfo Zipper

    Thursday, November 22, 2012 10:16 AM
  • I didn't think UAG DirectAccess supported native IPv6 addressed clients...

    Jason Jones | Microsoft MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk

    Thursday, November 22, 2012 3:31 PM
  • I didn't think UAG DirectAccess supported native IPv6 addressed clients...

    Jason Jones | Microsoft MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk


    True. Traffiic is still tunneled in IPv4, but if the client acquires an IPv6 address in another way than using the UAG DA server that addres will show in WebMonitor. At least that is how I have seen it. Do correct me if I am wrong... 2602:306 seems to be a global unicast address if memory serves so it is fully functional on the Internet.

    Hth, Anders Janson Enfo Zipper

    Friday, November 23, 2012 8:41 AM
  • I didn't think UAG DirectAccess supported native IPv6 addressed clients...


    Jason Jones | Microsoft MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk


    True. Traffiic is still tunneled in IPv4, but if the client acquires an IPv6 address in another way than using the UAG DA server that addres will show in WebMonitor. At least that is how I have seen it. Do correct me if I am wrong... 2602:306 seems to be a global unicast address if memory serves so it is fully functional on the Internet.

    Hth, Anders Janson Enfo Zipper

    With a Native IPv6 connection, no transitional technologies will/need be used, so no tunnelling will be employed...that was my understanding anyhow...

    Jason Jones | Microsoft MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk

    Friday, November 23, 2012 9:13 AM
  • I have seen this occasionally as well. Some of the new 4G cards are handing out IPv6 addresses alongside a public IPv4 address. These always start with 2600:...

    Many times this actually causes DirectAccess not to work on these laptops. When you look in the log you notice that there are Security Associations attempting to build themselves over the 2600: IP addresses, which are never going to connect because the UAG server is not on the IPv6 internet. I'm not really sure why these connections sometimes (not always) show themselves in Web Monitor at all, but they do. Most of the time what we have to do is open up the NIC properties for the 4G card and uncheck TCP/IPv6. Then the card will only give the laptop an IPv4 address, which will allow Teredo/IP-HTTPS to build successfully.

    http://www.ivonetworks.com/news/2011/11/client-side-ipv6-and-directaccess-dont-always-get-along/

    Tuesday, November 27, 2012 3:57 PM