none
Direct Access ICMPv6 rules

    Question

  • Hello!

    The DirectAccess for Windows Server 2008 R2. Design, Deployment, and Troubleshooting Guides guide states the following (page 42):


    "Packet filters to allow inbound ICMP Echo Requests on all computers

    ...

    For a Teredo-based DirectAccess client to communicate with an intranet resource, that resource must accept inbound ICMPv6 Echo Request messages. Therefore, for DirectAccess clients to reach any location on the intranet, you must allow inbound ICMPv6 Echo Request messages on all of your intranet hosts. If your intranet is using a NAT64 to translate IPv6 traffic to Internet Protocol version 4 (IPv4) traffic, you must also allow inbound ICMP for IPv4 (ICMPv4) Echo Request messages on all of your intranet hosts."

    What about an IP-HTTP DirectAccess client? If I'm going to use IP-HTTPS only should I allow ICMPv6 or/and ICMPv4 EchoRequest messages?

    Thank you in advance,

    Michael



    • Edited by MF47 Thursday, January 31, 2013 2:11 PM
    Thursday, January 31, 2013 2:08 PM

Answers

  • Hi MF47,

    This requirement is only for using Teredo. For IP-HTTPS Direct Access client, there is no need to create inbound ICMP echo request message on intranet hosts.

    Regards,


    Nick Gu - MSFT

    • Marked as answer by MF47 Friday, February 8, 2013 6:27 AM
    Thursday, February 7, 2013 2:36 PM
    Moderator

All replies

  • Hi,

    Thank you for the post.

    I have reviewed this document and found few information about ip-https based client for ICMP rule. And I will consult our senior member, then update this thread later.

    Regards,


    Nick Gu - MSFT

    Thursday, February 7, 2013 6:21 AM
    Moderator
  • Nick, thank you very much!
    Thursday, February 7, 2013 6:50 AM
  • Hi MF47,

    This requirement is only for using Teredo. For IP-HTTPS Direct Access client, there is no need to create inbound ICMP echo request message on intranet hosts.

    Regards,


    Nick Gu - MSFT

    • Marked as answer by MF47 Friday, February 8, 2013 6:27 AM
    Thursday, February 7, 2013 2:36 PM
    Moderator
  • Nick, thank you so much for clarification!

    Best regards,

    Michael Firsov

    http://michaelfirsov.wordpress.com/

    Friday, February 8, 2013 6:25 AM