none
Direct Access server problem RRS feed

  • Question

  • Hi,

    I have problem with server after configuration Direct Access. I use DA on Windows Server 2008 R2 w/SP1. My internal network working on IPv4 and IPv6.

    This server after configuratin DA have routing problem from internal network.

    Is possibble this configuration:

    External NIC: Two IPv4 IP address to public Internet with default gwy and DNS + enabled IPv6 without configuration

    Internal NIC: One IPv4 IP address to the Corpnet without default gwy, with DND + enabled IPv6 with static IPv6 address used in internal network, default gwy6, dns6

    (Internal NIC with gwy to IPv6 Corpnet, External NIC with IPv4 gwy to the Internet)

    ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : KANG
       Primary Dns Suffix  . . . . . . . : faf.cuni.cz
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : faf.cuni.cz

    Ethernet adapter External:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port Server Adapter #2
       Physical Address. . . . . . . . . : 00-04-23-B7-07-66
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::9c05:6211:2c93:cf15%16(Preferred)
       IPv4 Address. . . . . . . . . . . : 195.113.117.66(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.240
       IPv4 Address. . . . . . . . . . . : 195.113.117.67(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.240
       Default Gateway . . . . . . . . . : 195.113.117.65
       DNS Servers . . . . . . . . . . . : 195.113.115.171
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Internal:

       Connection-specific DNS Suffix  . : faf.cuni.cz
       Description . . . . . . . . . . . : Intel(R) 82566DM Gigabit Network Connection
       Physical Address. . . . . . . . . : 00-19-D1-3C-99-B1
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2001:718:1201:100::27(Preferred)
       Link-local IPv6 Address . . . . . : fe80::f953:f11d:5b82:c0f1%13(Preferred)
       IPv4 Address. . . . . . . . . . . : 172.18.100.27(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.240.0
       Default Gateway . . . . . . . . . : 2001:718:1201:100::10
       DNS Servers . . . . . . . . . . . : 2001:718:1201:100::1
                                           2001:718:1201:100::17
                                           172.18.100.1
                                           172.18.100.17
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.faf.cuni.cz:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : faf.cuni.cz
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 12:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::8000:f227:3c8e:8abd%15(Preferred)
       Default Gateway . . . . . . . . . :
       NetBIOS over Tcpip. . . . . . . . : Disabled

    Tunnel adapter isatap.{CC02CBDB-8217-4D22-AA95-F2DB8030C227}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter 6TO4 Adapter:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft 6to4 Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2002:c371:7542::c371:7542(Preferred)
       IPv6 Address. . . . . . . . . . . : 2002:c371:7543::c371:7543(Preferred)
       Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
       DNS Servers . . . . . . . . . . . : 195.113.115.171
       NetBIOS over Tcpip. . . . . . . . : Disabled

    Tunnel adapter IPHTTPSInterface:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : IPHTTPSInterface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2001:718:1201:5555:4594:b6b0:ae32:41b4(Preferred)
       Link-local IPv6 Address . . . . . : fe80::4594:b6b0:ae32:41b4%19(Preferred)
       Default Gateway . . . . . . . . . :
       NetBIOS over Tcpip. . . . . . . . : Disabled

    Monday, May 28, 2012 4:18 PM

Answers

  • Hi,

    Except for the IPV6 default gateway on your internal NIC. Its is possible to have IPV6 and IPV4 enabled on but DirectAccess feature included in Windows 2008 R2 does not inclides NAT64/DNS64 capabilities. For this reason, DirectAccess users wont be able to access IPv4 based ressources. You should move to UAG.

    Have a nice day.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    • Marked as answer by SnakeAG Tuesday, June 19, 2012 2:08 PM
    Tuesday, May 29, 2012 7:27 AM

All replies

  • Hi,

    Except for the IPV6 default gateway on your internal NIC. Its is possible to have IPV6 and IPV4 enabled on but DirectAccess feature included in Windows 2008 R2 does not inclides NAT64/DNS64 capabilities. For this reason, DirectAccess users wont be able to access IPv4 based ressources. You should move to UAG.

    Have a nice day.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    • Marked as answer by SnakeAG Tuesday, June 19, 2012 2:08 PM
    Tuesday, May 29, 2012 7:27 AM
  • Agreed. You didn't say anything about UAG so we assume you are running native DirectAccess. Without UAG you will not be able to communicate with any IPv4 resources inside your network, only the IPv6.

    Your NIC configuration looks correct, except that you should remove the DNS server entries from your External NIC. Only put DNS server addresses on the Internal NIC.

    Tuesday, May 29, 2012 1:15 PM