Configure the Intra-Server Subnet

  • Article

Updated: July 22, 2010

Applies To: Windows Server 2008 R2

When configuring the DirectAccess Internet Protocol security (IPsec) gateway on a different server, the intra-server subnet exists between the two servers and provides a way for the Internet Protocol version 6 (IPv6) connectivity server to forward and receive tunneled packets to and from DirectAccess clients on the Internet.

With this procedure, you attach both servers to the intra-server subnet and configure the IPv6 connectivity server to be an advertising, default IPv6 router for the subnet.

Before performing this procedure, you should determine a 64-bit prefix for the intra-server subnet. For example, you can use the following:

  • 6to4-basedPrefix:3::/64 if you are using a 6to4-based prefix based on the first public Internet Protocol version 4 (IPv4) address assigned to Internet interface of the IPv6 connectivity server.

  • NativePrefix:SubnetID::/64 if you are using a 48-bit native IPv6 prefix.

To complete these procedures, you must be a member of the local Administrators group, or otherwise be delegated permissions to modify IPv6 interface settings. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).

To configure the intra-server subnet

  1. On the IPsec gateway server, remove the two consecutive public IPv4 addresses assigned to the Internet interface.

  2. On the IPv6 connectivity server, configure the two consecutive public IPv4 addresses on the Internet interface, and then connect it to the Internet.

  3. Connect an interface of the IPv6 connectivity server and the IPsec gateway server to the same switch to create a subnet.

  4. On the IPv6 connectivity server, start a command prompt as an administrator.

  5. In the Command Prompt window, type the netsh interface ipv6 show interfaces command.

    This command lists the interfaces and their interface indexes.

  6. In the Command Prompt window, run the following commands:

    netsh interface ipv6 SubnetInterfaceNameOrIndex forwarding=enabled advertise=enabled advertisedefaultroute=enabled

    netsh interface ipv6 add route 64BitPrefixOfSubnet publish=yes

  7. On the IPsec gateway server, start a command prompt as an administrator.

  8. In the Command Prompt window, type the netsh interface ipv6 show addresses command.

  9. In the display, copy or note the public address assigned to the subnet interface of the IPsec gateway server. You will need this address for the Configure the IPsec Gateway Server procedure.

If you arrived at this page by clicking a link in a checklist, use your browser’s Back button to return to the checklist.