Does Removing ISATAP for the DNS Block List Impact Security?

If you choose to deploy ISATAP to support your DirectAccess deployment, one of the things you need to do is remove the name ISATAP from the DNS block list if you’re using a Windows DNS server running Windows Server 2003 SP2 or above. By default, these DNS servers will not resolve queries for the names…

0

Clearing the Air on ISATAP

For companies thinking about deploying DirectAccess, the question of whether or not you need to deploy ISATAP will invariably come up. The answer to this question is “no” and the reasons for why you don’t need ISATAP in a DirectAccess deployment are covered in my article over at http://blogs.technet.com/b/tomshinder/archive/2010/10/01/is-isatap-required-for-uag-directaccess.aspx However, ISATAP does have a place…

9

Use a HOSTS File Entry to Control ISATAP Host Configuration

ISATAP is an optional configuration option you can take advantage of when working with UAG DirectAccess. What ISATAP allows you to do is automatically assign IPv6 addresses to computers on the network that already have IPv4 addresses (which is going to be all of them). The advantage conferred when using ISATAP is that you can…

6

UAG DirectAccess–Guess the Device in the Request/Response Path

Take a look at the figures below and see if you can guess what device is in the request/response path that you don’t typically see a UAG DirectAccess deployment. First, the ipconfig output on a DirectAccess client located behind a NAT device: Figure 1 Now let’s ping DC1: Figure 2 Now let’s do a tracert…

9

Is ISATAP Required for UAG DirectAccess?

The answer is “no” – but its important to understand the function of ISATAP and why or why not you might consider deploying ISATAP in your environment. Why ISATAP? ISATAP is the Intra-site Automatic Tunnel Addressing Protocol. The purpose of ISATAP is to allow you to use IPv6 aware applications on a network that hasn’t…

2