Request A Quote

Iron Networks Blog

why choose iron Software Define Data Center Hnv Hybrid Cloud Gateway MCE Cloud Edge Gateway Cloudboxx, branch-in-a-box Wss, windows storage systems

We aren’t IPv6-ready yet, what do we need to deploy DirectAccess?

Every IT manager, when deciding on a strategy for deploying DirectAccess for their corporate users, has the following questions on their mind about IPv6:

·         Do we need IPv6 addresses internally?

·         We aren’t IPv6 ready yet, what can we do?

·         Does a client machine connecting from the Internet need an IPv6 address?

These, and many more questions about IPv6, are asked every time we talk to a customer about deploying DirectAccess. There are scores of online articles which explain how users can connect to corporate resources over the internet via DirectAccess, but very few explain the core workings of IPv6 to IPv4 connectivity. Let’s try to bring the scattered information together in order to better understand how DirectAccess deployment works.

First, let’s try to answer the most common question asked about DirectAccess and IPv6: do we need IPv6 addresses on our internal servers? The answer is no, not necessarily. A Windows 7 client machine can connect to any internal IPv4 address machine through UAG DirectAccess’ translation technologies. These technologies, called NAT64 and DNS64, are used to translate IPv6 to IPv4 and vice versa. You can read more about them at http://technet.microsoft.com/en-us/library/ee809079.aspx.

The next most common question is: do we need IPv6 addresses on the Windows 7 client machines connecting through DirectAccess? Not at all. The IPv6 traffic is automatically encapsulated with IPv4 headers and sent to their destinations using IPv4 infrastructure. So, the routers and switches on the internet only see the IPv4 addresses and no IPv6 address is visible. The transition technologies 6to4, Teredo, and IPHTTPS automatically assign an IPv6 address to the machine, which is then encapsulated within IPv4 traffic. The transition technologies then try to connect the Windows 7 machine in the same order as listed above.

The TechNet article at http://technet.microsoft.com/en-us/library/dd379548(WS.10).aspx explains the IPv6 over IPv4 tunneling in detail.

 

 

A while ago, we posted an article on what applications might not work when a client machine is connected through the DirectAccess. Have a peek at: http://www.nappliance.com/blog/uag-amp-directaccess-some-my-applications-don%E2%80%99t-work-directaccess-what-should-i-do to learn about which server/client applications you can expect to behave abnormally over DirectAccess.

 

 Cheers,
nAppliance Team

 

Copyright © 2019 Iron Networks, Inc. All Rights Reserved.