DirectAccess Client IPv4 destination routed out 2nd (Private) WAN Interface on Firewall?

  • Question

  • Hello.

    We have DA 2012R2 running and working well.

    At least it seems to be.

    We have a static IPv4 route on our internal LAN firewall (GW) device.

    This route sends IPv4 traffic out a 2nd 'private' WAN port - destined for an IPv4 host (for demonstration purposes we will call it Server X).

    Will/should a Windows 10 Ent. DA client send IPv4 traffic destined for Server X using (NAT64/DNS64)?

    It does not seem to be doing so at this time.



    Thanks in advance


    Monday, March 27, 2017 4:43 AM

Answers

  • Hi Kevin

    The Windows Clients will only send encapsulated IPv6 Requests to the external interface of the DA Server. The Server will then translate NAT64 and DNS64 on behalf of the connected clients to internal resources and then process the IPv4 Response back into IPv6 and reply to the client accordingly. Hope that helps.

    J

    Monday, April 24, 2017 12:13 PM
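
The translation described in the answer above, as an added example that is not part of the original thread or any Microsoft code. It assumes the standard RFC 6052 /96 embedding; the NAT64 prefix and the address standing in for Server X are constructed values, and `client_path` is a hypothetical helper.

```python
import ipaddress

# Constructed /96 NAT64 prefix (ULA range); a real deployment has its own.
NAT64_PREFIX = ipaddress.IPv6Network("fd00:1234:5678:7777::/96")


def synthesize_aaaa(ipv4, prefix=NAT64_PREFIX):
    """DNS64 side: place the IPv4 address from an A record in the low 32 bits."""
    if prefix.prefixlen != 96:
        raise ValueError("only /96 prefixes are handled here")
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))


def extract_ipv4(ipv6, prefix=NAT64_PREFIX):
    """NAT64 side: recover the IPv4 destination, or None if outside the prefix."""
    v6 = ipaddress.IPv6Address(ipv6)
    if v6 not in prefix:
        return None
    return ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)


def client_path(destination):
    """Classify a destination as seen by a client that only sends IPv6."""
    addr = ipaddress.ip_address(destination)
    if addr.version == 4:
        # An IPv4 literal has no IPv6 form, so the client has nothing to send.
        return "ipv4-literal: not carried, client sends IPv6 only"
    v4 = extract_ipv4(addr)
    if v4 is None:
        return "native-ipv6: forwarded as IPv6"
    return f"nat64: server sends IPv4 to {v4}"


if __name__ == "__main__":
    server_x = "192.0.2.10"  # constructed address standing in for Server X
    aaaa = synthesize_aaaa(server_x)
    print(aaaa)
    print(client_path(server_x))
    print(client_path(str(aaaa)))
```

After the IPv4 address is extracted, the packet leaves the translating server as ordinary IPv4, so what happens next depends on that server's own IPv4 routes and the firewall's.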

All replies

  • Hi John.

    Thanks a bunch for the response.

    It sounds like the IPv6 <> NAT64/DNS64 process does not allow the IPv4 traffic - once it makes it to the internal LAN - to be routable. Basically, IPv4 loses/drops its ability to route past the LAN?

     

    Almost reminds me of WFWG and IPX/SPX -- NETBEUI stuff.  Na - now that's a stretch for protocol comeback..

     


    Thanks in advance

    Thursday, April 27, 2017 3:48 AM