Using transition technologies

To send IPv6 packets across the IPv4 Internet, a DirectAccess client use the following transition technologies:

  1. ISATAP—Tunnels IPv6 traffic over IPv4 networks

  2. 6to4—Used by DirectAccess clients with a public IP address.

  3. Teredo—Used by DirectAccess clients with a private IP address behind a NAT device

  4. IP-HTTPS—Used by DirectAccess clients that cannot use the other transition technologies.

ISATAP

Intrasite Automatic Tunnel Addressing Protocol (ISATAP) uses tunneling to enable DirectAccess clients to connect to the Forefront UAG DirectAccess server over the IPv4 Internet, encapsulating IPv6 packets within an IPv4 header, and is used by uagshort DirectAcess to provide IPv6 connectivity to ISATAP hosts across an intranet. In a non-native Ipv6 network environment, the Forefront UAG DirectAccess server configures itself automatically as an ISATAP router. Using ISATAP, an IPv4 network emulates a logical Ipv6 subnet to a set of ISATAP hosts, and allows ISATAP hosts to automatically tunnel to each other for IPv6 connectivity, and to reach other IPv6 capable networks. In addition, because ISATAP tunnels IPv6 packets within an IPv4 header, routing within your IPv4 infrastructure works without requiring changes on IPv4 routers required. ISATAP capable hosts include Windows Vista and above and Windows Server 2008 and above. To use ISATAP, DNS servers must be configured to answer ISATAP queries, and Ipv6 must be enabled on network hosts. ISATAP is defined in RFC 4214. For more information, see IPv6 Transition Technologies (https://go.microsoft.com/fwlink/?LinkID=154382).

6to4

6to4 is an IPv6 transition technology that enables DirectAccess clients to connect to the Forefront UAG DirectAccess server over the IPv4 Internet. 6to4 is used when clients have a public IP address. IPv6 packets are encapsulated in an IPv4 header, and sent over the 6to4 tunnel adapter to the DirectAccess server. After running the wizard and applying GPOs, 6to4 is automatically configured for DirectAccess clients and the DirectAccess server. 6to4 is defined in RFC 3056. For more information, see IPv6 Transition Technologies (https://go.microsoft.com/fwlink/?LinkID=154382).

Teredo

Teredo, defined in RFC 4380, is an IPv6 transition technology that enables DirectAccess clients to connect to the Forefront UAG DirectAccess server across the IPv4 Internet. Teredo is used when clients are located behind an IPv4 network address translation (NAT) router or firewall, and the device allows outbound traffic on UDP portal 3544. If the client has a private IPv4 address and outbound access, it uses Teredo to encapsulate IPv6 messages from the client to the uagshort DirectAccess server in a IPv4 header, to send over the IPv4 Internet. After running the wizard and applying GPOs, Teredo is automatically configured for DirectAccess clients and the DirectAccess server. Teredo is defined in RFC 4380. For more information, see Teredo Overview (https://go.microsoft.com/fwlink/?LinkId=169500).

IP-HTTPS

IP-HTTPS—IP-HTTPS is a new protocol for Windows 7 and Windows Server 2008 R2, that allows DirectAccess clients to connect to the DirectAccess server over the IPv4 Internet. IP-HTTPS is used as a fallback method to encapsulate IPv6 packets in an IPv4 header. It is used by clients who are unable to connect to the Forefront UAG DirectAccess server using the other IPv6 connectivity methods, or if force tunneling has been configured. For example, when a DirectAccess client has a private IP address, and the NAT device or firewall is configured to allow only HTTP/HTTPS outbound traffic, the client will used IP-HTTPS. HTTPS is used instead of HTTP so that Web proxy servers will not attempt to examine the data stream and close the connection. Performance of IP-HTTPS may not be as good as the other Forefront UAG DirectAccess connection protocols. After running the wizard and applying GPOs, IP-HTTPS is automatically configured for DirectAccess clients and the DirectAccess server. For more details, see the IP over HTTPS (IP-HTTPS) Tunneling Protocol Specification (https://go.microsoft.com/fwlink/?LinkId=169501).