
IPv4 over IPv6 UAG Direct Access

Hi all,

OK, how do I explain this.... I have a main office and remote users. Remote users access the office network via MS UAG Direct Access. Our network is all IPv4 but UAG establishes an IPv6 tunnel which I understand encapsulates the IPv4. Everything seems to work fine except for a couple of things. We have this solution in test phase as contractors install it.

The issue is this. If I want to web connect or ping a machine, ping machine.name.* will work so long as the machine is updated, obviously, on our DNS. But if I want to access the machine via IP, say ping 10.9.*.*, I can't get a resolve. The remote user cannot connect to network printers or web browse to internal portals! It's frustrating. We have to use names only.

When I ping the name I get the reply IPv6 with port and then the IPv4 on the end of each reply line.

I want to know how to fix this please? How to present the routing so that it knows that the IPv4 I seek is part of the internal network and not part of the unknown abyss.

Help?

thanks

AJ
 
pwindell Commented:
I wasn't aware that you would ever be able to ping those in the first place.  UAG is not a VPN solution.  Now some may call it an SSL/VPN solution but that is an Application Virtualization mechanism not an actual networking VPN.

But as for UAG itself,...I never touch it,...so if anyone wants to jump in, go for it.   But I think there is a good chance that things are exactly as they should be,..nothing is wrong with anything,...it is just a matter of understanding what you are using will do and not do.

If you want the behavior of an actual private link between the locations (which would allow pinging across it) then you need to use a Site-to-Site VPN with TMG or some other product capable of doing the same.
 
pwindell Commented:
Our network is all IPv4 but UAG establishes an IPv6 tunnel

There is no tunnel.  Unless you want to call the HTTPS (SSL) a "tunnel",...and in a way, it is.  But that only exists between the User and the UAG.  The User only goes to the UAG,..they don't go through the UAG,...it is not a Firewall nor a VPN Router.

how to present the routing so that it knows that the IPv4 I seek is part of the internal network and not part of the unknown abyss.

There is no routing.  The only routing is going across the open internet between the User and the UAG.  The road "ends" at the UAG.  The UAG brings the resources to the user,...it does not bring the user to the resources.

Now again,..I don't use UAG,..so if someone knows better,...then jump in, the water is warm.
 
Ancients (Author) Commented:
Thanks,

The tunnel comment was something I read when explaining the process of how the link is established.

With regards to pinging, I was trying to access some internal sites but the issue is I cannot, as it is resolved through IPv6 rather than 4. If I want to resolve anything I need to make DNS records for each IP I use. You mention that users only go to UAG, though I can RDP to servers and internal application by name if the internal DNS records are updated, as the IP won't resolve.

AJ

 
pwindell Commented:
You mention that users only go to UAG, though I can RDP to servers and internal application by name if the internal DNS records are updated, as the IP won't resolve.

Then you need to clearly explain the situation.  I can't see what you have, I can only judge by what you say.  Are you using UAG as UAG for what UAG is,...or are you using a Site-to-Site VPN and confusing it with UAG?

If you are really using UAG as UAG for what UAG is then the UAG is bringing the RDP to them,...it is not taking them to the RDP.  It's like visiting a new girl friend and her dad brings her to the door to talk to you rather than let you come in to talk to her. RDP is just another published Application,...it is no different than anything else.   When the user Pings they are pinging from the Terminal Server to the target,...whether that works or not depends on the ability of the Terminal Server itself to ping things on its own LAN,...the ping does not come from the User's own local machine or have anything to do with that User's local machine.

Now on the other hand if you are using a Site-to-Site VPN then you are actually routing into the LAN from outside,...basically the girl's dad let you in and now you are wandering around every room in the house.  Yes the DNS is critical in this case.  But this is just a Site-to-Site VPN like what any other firewall or advanced NAT Device can do,...this is not something you go out and buy UAG for.
 
pwindell Commented:
The first two lines were supposed to be marked as a quote.

I really Really REALLY hate that this site leaves no means to go back and edit a screwed up post once it has been submitted.    Pretty much EVERY other forum I use on the Internet gives you the ability to correct or edit a submitted post.
 
Ancients (Author) Commented:
We are using Forefront UAG/TMG.

I will reply more soon

K*
 
pwindell Commented:
You're using UAG,..not UAG/TMG.

TMG is always "underneath" UAG but you cannot use it as a regular TMG. Its abilities have been limited and restricted by the UAG installation,...so basically it is like it doesn't exist.  Now maybe you can still use the Site-to-Site VPN abilities, maybe you can't, I don't know.  I've pretty much gone as far as I can with this.
 
Ancients (Author) Commented:
Thanks, I will repost with the TMG included to see what others might know. Much appreciated.

AJ