Three consecutive public IPs for DirectAccess server?

  • Question

  • Hi,

    Here's a strange but hopefully easy question.  I haven't found ANY answer to this despite a lot of searching.  I am using Windows DirectAccess at the moment but my question relates to the Windows 2008 R2 Teredo server which is also used by UAG.

    Question:  If I have *3* consecutive IPs on my server, which two does Teredo use, the first two or the second two?

    My situation is, I have a working DirectAccess server with two consecutive IPs (say .5 and .6).  I assigned a third (.7) for a different application, and later none of my DirectAccess clients could connect (clients are configured via the DirectAccess GP to use .5 as their Teredo server).  I changed the .7 to .8 so it wouldn't be consecutive and everything started working again.  While the clients weren't connecting, I noticed that I could ping .6 and .7 (IPv4 ping from the Internet) but not the first address (.5).

    I did every netsh command I could find and I couldn't see how to find out what IPv4 addresses the Teredo Server is using.  I realize I can push a new Group Policy out to my clients with the new IP address if I need to, but I need more predictability in how adding server IPs will affect which pair Teredo uses.

    I have 13 public IPs, and I am considering:

    • Allocate the DirectAccess IPs as the last two, and put any additional public IPs below the Teredo pair.
    • Leave the DirectAccess/Teredo pair where they are, but then only use every other IP after that so there won't be any more pairs.
    • Find a place where I can TELL Teredo what IPv4 address pair to listen on, so I don't have to do any of the above tricks.

    I see a servervirtualIP setting in netsh int ipv6 show teredo, but it's 0.0.0.0 and I'm not sure setting that is what I need because I can't find any documentation on what this parameter does.

    Thanks in advance for your help.

    Mike

    Thursday, March 29, 2012 7:08 PM

All replies

  • To answer your question, the addresses used by UAG for DA are the one you specify as the first and then the next.

    These two are used by Teredo to identify if the client is behind a NAT device.

    If you configure address #8 as the first one, then the other address used by Teredo will be #9. Addresses #1-7 and 10-13 will be available for use by trunks on UAG (if all addresses are configured on UAG).

    If you use address #12 as the first address, then #13 will be used by DA as per above. Addresses #1-11 will be available for use.

    Etc.

    So to find out, open the DA wizard and check what address is configured as the first, that will tell you the second address ("+1").


    Hth, Anders Janson Enfo Zipper

    Friday, March 30, 2012 8:18 AM
  • Anders is exactly right that with UAG, in the wizard you specify the primary IP address and the second is automatically populated as the one immediately following the one that you selected in the drop-down. Then UAG can use any other public IPs assigned to the NIC for portals, and UAG does a good job of keeping them all separated as specified inside the UAG Management software.

    However, since you are not using UAG I believe that it is not supported for you to do anything other than DirectAccess with your DirectAccess server. Maybe this is one of the reasons why it is unsupported to do so. So if you move to UAG, you can do both DirectAccess and application publishing over UAG portals, but trying to do non-DA things on a Windows DA box could certainly result in some unexpected behavior.

    Friday, March 30, 2012 2:33 PM