Public IP Address for DA Teredo Edge Config

Hi,
We are configuring Direct Access for the first time on Server 2012 R2. We have set up and tested it fine on the single adapter ‘basic’ configuration but would like to configure it to use Teredo as it’s supposed to be faster.
I have read that this requires two network adapters on the DA server, one configured for the intranet and the other configured for the public internet with two consecutive public IP addresses.
My question is: if I point the public DNS record to the first public IP address (e.g. DirectAccess.mydomain.com), what do I need to do with the second public IP? I’m not clear what the second IP is used for.
I have read the second IP could be something to do with certificates but it wasn’t very clear. We will be using Direct Access with Windows 7 clients so already have an internal PKI installed for the DA single adapter setup.
Also, I have read that even with the IP-HTTPS performance improvements in 2012 Teredo is still considerably faster (assuming the internet connection itself is fast enough). Can anyone advise on speed differences between IP-HTTPS and Teredo?
Thanks
Alex

Hi
Since Windows Server 2012, you are allowed to deploy DirectAccess in multiple scenarios. In your situation, you have a single network interface. In this scenario, your DirectAccess server has a single private IP address. Teredo can only be used in the two-network-interface scenario. This is the only scenario where you need two IPv4 public addresses.
IPHTTPS performance is available since Windows Server 2012 but requires at least Windows 8 to be used.
Best regards.
BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

Similar Messages

  • Public ip address for asa

    HI.......
    We have a Cisco 2851 router and an ASA firewall. We configured the router for IP phones, and the ISP is connected to it. The ISP is directly connected to the router and the ASA firewall is connected to the router. We plan to configure VPN on the router. We have a public IP address available. If I configure the VPN on the firewall, we need to map the firewall's local IP address to a public IP address. So how do we map the firewall's local IP to a public IP? Where can we configure it, on the router or on the firewall? Please see my firewall and router configuration ...
    Please help .....

    The ASA would typically be where you setup your public IP Address(es). The firewall normally needs to have a public IP on the outside interface for that to work. Once it does, you can perform dynamic NAT for outbound connections ("global (Outside) 1 xxx.xxx.xxx.185 netmask 255.255.255.255" does this).
    However on the config you attached your outside interface has a private (RFC 1918) address:
    interface Ethernet0/3
    speed 100
    duplex full
    nameif Outside
    security-level 0
    ip address 192.168.255.2 255.255.255.252
    Plus it being a /30 only gives you two addresses - one for the ASA and one for the router's Gi0/0 (per that config which you also attached). This is a bit of an odd setup but it seems to have been hacked together to work using the routing statement on the router "ip route xxx.xxx.xxx.184 255.255.255.248 192.168.255.2".
    It's really a bit of a mess and extending it further may be possible but will make it even more complicated. I'd advise having someone sit down and re-work how the public IPs are routed to make it look like a more typical setup.

  • Public IP address for ERP system

    Hi,
    A SAP BC consultant gives me a small system landscape for ERP 6.0 and its info. as following:
      a. 1 Sol Man system, 1 ERP system for DEV, 1 ERP system for PRO.
      b. The Sol Man Server is for the ENTIRE SAP TECHNICAL LANDSCAPE in the single company.
      c. The entire SAP Landscape needs to be on a different SUBNET on a different Gigabit switch for optimum performance. The broadcast between 2 subnets will be handled via a router.
      d. A router with VPN Capabilities and 2-3 static public IP addresses (THIS IS A MUST).
    I don't know why I need 2-3 static public IP addresses if I don't publish anything to the Internet. Can somebody tell me why?
    Thanks,
    Toan Do

    Hi,
    It's most probably for saprouter/connection to OSS etc.
    Regards

  • Customer wants a public IP address for RDP after VPN Tunnel

    I have a customer that wants to set up a VPN tunnel with me with a public IP address and a public address for the host. I am completely at a loss as to how to accomplish this. The customer states that it is against his company policy to have a remote host to connect to that is not in the public address space. I have given him a public peer address to connect to for the establishment of the VPN tunnel. However, he states that he needs the host to be in the public address space as well.
    What is my customer asking for? Surely he does not want me to put RDP on a public address?

    The motive of your customer is not very clear. If the motive is to hide the remote (RDP) addresses then we can do it by NATting (static or dynamic). We can allow the NATted IP as interesting traffic over the VPN tunnel. Because if we are putting the local IP into the public pool then we don't need a VPN tunnel. We can access it directly over the internet too.

  • Getting public ip address for a lan

    Hello, is there a way to somehow retrieve the public IP address of a LAN? When I use the standard Java get host method from a PC that's in a LAN, all I get is the private LAN IP address such as 192.x.x.x. This is useless to me if I want to make a connection to this computer from outside the LAN.
    I want to be able to get the public IP so that I can move my instant messenger program (LAN based) onto the internet so that its clients can talk to each other from all around the world like MSN Messenger.
    Would there be a problem if, say, 5 users from the same LAN were logged into the program and one person from outside the LAN wanted to talk to one of the people from the LAN? Seeing as all 5 LAN users will have the exact same public IP address, is there a way to talk to the correct user?
    The current state is that as soon as a user logs into the system, the IP address of the PC that they are using is stored temporarily on a server, so that if User A wants to talk to User B, User A queries the server to first find out if the user is online and then gets their IP address and joins User B's listening socket using the IP address retrieved from the server.

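    import java.io.BufferedReader;
    import java.io.InputStreamReader;
    import java.net.HttpURLConnection;
    import java.net.URL;
    import java.nio.charset.StandardCharsets;

    public class PublicIp {
        // Ask an external web service which address our traffic appears to come from.
        // Assumes the service returns the address as the first line of the response body.
        static String lookupPublicIp() {
            try {
                URL tempURL = new URL("http://www.whatismyip.org/");
                HttpURLConnection tempConn = (HttpURLConnection) tempURL.openConnection();
                // Do not hang forever if the service is unreachable.
                tempConn.setConnectTimeout(5000);
                tempConn.setReadTimeout(5000);
                // try-with-resources closes the reader and the underlying stream, even on error.
                try (BufferedReader tempBr = new BufferedReader(
                        new InputStreamReader(tempConn.getInputStream(), StandardCharsets.UTF_8))) {
                    return tempBr.readLine();
                } finally {
                    tempConn.disconnect();
                }
            } catch (Exception ex) {
                return "<Could-Not-Resolve-Public-IP-Address>";
            }
        }

        public static void main(String[] args) {
            System.out.println(lookupPublicIp());
        }
    }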

  • Lync 2010 : Using same FQDN and IP address for SIP access Edge, Web Conferencing Edge, A/V Edge

    Hi Friends,
    Please assist on below query.
    Will it be possible to use the same FQDN in Lync Edge? Since it has different port numbers for each service, one public IP for all FQDNs for access will save me purchasing multiple certificates for SANs.
    FQDN              IP Address     Port          Map to
    Sip.domain.com    12.34.34.34    5061 (TLS)    SIP Access Edge
    Sip.domain.com    12.34.34.34    444 (TLS)     Web Conferencing Edge
    Sip.domain.com    12.34.34.34    443 (TCP)     A/V Edge
    I have a wildcard SSL purchased already and for this purpose I need to purchase more certificates per SAN if unique FQDN required.
    Thank You.

    Yes, although a wildcard entry only will not work entirely for all Lync clients and versions.
    I would suggest something like this:
    Edge External
    CN: sip.domain.com
    SAN: sip.domain.com, webconf.domain.com
    Reverse Proxy Listener(s)
    CN: lyncwebexternal.domain.com
    SAN: lyncwebexternal.domain.com, *.domain.com
    The wildcard entry can replace the SimpleURLs (meet, dialin) but some clients (like any Lync Phone Edition devices prior to the June 2012 firmware) do not support wildcard entries so providing the external web services FQDN is required. Also, never put the wildcard entry in the Common Name, as devices/clients that do not support wildcard entries may be tripped up there and then never even look at the SAN field.
    A cheaper alternative (although not typically recommended, this does work) would be to use a single certificate for both servers, like this:
    Edge/RP Combo Cert
    CN: sip.domain.com
    SAN: sip.domain.com, webconf.domain.com, lyncwebexternal.domain.com, *.domain.com
    Jeff Schertz | Microsoft Solutions Architect - Polycom | Lync MVP
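
The certificate layouts from the answer above, checked by a short script (an added example, not part of the original post). `meet.domain.com` and `dialin.domain.com` are assumed names for the SimpleURLs the answer mentions, and the function names are hypothetical.

```python
def wildcard_matches(pattern, host):
    """A wildcard covers exactly one left-most label: *.domain.com matches
    meet.domain.com, but not domain.com and not a.b.domain.com."""
    pattern, host = pattern.lower(), host.lower()
    if not pattern.startswith("*."):
        return False
    suffix = pattern[1:]                      # ".domain.com"
    if not host.endswith(suffix):
        return False
    left = host[: -len(suffix)]
    return bool(left) and "." not in left


def audit_cert(cn, sans, required, no_wildcard_clients=()):
    """Return findings for a planned certificate.
    required: FQDNs that clients connect to.
    no_wildcard_clients: FQDNs reached by clients that cannot match wildcards."""
    names = [n.lower() for n in sans]
    legacy = {n.lower() for n in no_wildcard_clients}
    findings = []
    if cn.startswith("*."):
        findings.append(f"CN {cn} is a wildcard")
    for fqdn in (f.lower() for f in required):
        if fqdn in names:
            continue                          # listed explicitly
        if any(wildcard_matches(n, fqdn) for n in names):
            if fqdn in legacy:
                findings.append(f"{fqdn} is covered only by a wildcard")
        else:
            findings.append(f"{fqdn} is not covered")
    return findings


# Names the reverse proxy listener must serve (meet/dialin FQDNs are assumed).
WEB_NAMES = ["lyncwebexternal.domain.com", "meet.domain.com", "dialin.domain.com"]
# Reached by devices that do not support wildcard entries.
LEGACY = ["lyncwebexternal.domain.com"]


def audit_all():
    """Audit the two layouts suggested in the answer and a wildcard-only plan."""
    edge_names = ["sip.domain.com", "webconf.domain.com"]
    return {
        "edge": audit_cert("sip.domain.com", edge_names, edge_names),
        "reverse_proxy": audit_cert(
            "lyncwebexternal.domain.com",
            ["lyncwebexternal.domain.com", "*.domain.com"], WEB_NAMES, LEGACY),
        "wildcard_only": audit_cert(
            "*.domain.com", ["*.domain.com"], WEB_NAMES, LEGACY),
    }


if __name__ == "__main__":
    for plan, findings in audit_all().items():
        print(plan, findings or "ok")
```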

  • What are the public IP addresses for Apple Update servers?

    I work for a school district and we would like to create a NAT rule in our firewall to make all traffic going out for Apple updates to use the same public IP (iPhones, iPads, Macs, etc). Does anyone know what Apple IP addresses I would need for that?
    This will be used to make all devices in our district go to the same Apple Caching Server.
    Thanks in advance.

    Hi,
    which book from the chapter are you referring to?
    If possible, can you post the entire question so that we can help you in identifying the correct address.
    Best to use the ip subnet calculator.
    http://www.vlsm-calc.net/
    http://www.subnet-calculator.com/cidr.php
    Regards
    Inayath

  • Change Lync 2013 Edge Server Natted public ip addresses

    we changed public ip addresses for Lync 2013 edge. I changed only a/v edge service NAT-Enabled public ipv4 address to the new public ip address .
    published the topology
    run
    Invoke-CsManagementStoreReplication command
    restarted edge server.
    what else to do to solve it ?
    Error:
    The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server sip.*****.com on port 5061.
    The Microsoft Connectivity Analyzer wasn't able to obtain the remote SSL certificate.
    Additional Details
    The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.

    Hi,
    Please re-run Step 2-Setup or Remove Lync Server Components after changing IP in topology.
    Kent Huang
    TechNet Community Support

  • Migration Accelerator - Public IP address requirement for Config Server and Process Server

    Currently, when installing the Migration Accelerator components, the Config Server's public IP address must be specified in several places. In the released version of Migration Accelerator, could this be changed to allow customers to specify a public DNS domain name instead? Using a Public IP address for the Config Server in Azure represents a risk that this public IP may change (unless using the new Reserved VIP Capability in Azure) which could require reconfiguration of several MA components. If a DNS name will not be supported in the released version of MA, then the documentation should be updated to step through provisioning a Reserved VIP for the Config Server in Azure.
    Similarly, if running the Process Server on Amazon AWS (in an Amazon AWS -> Azure migration scenario), either DNS names should be supported for the Process Server configuration or a reference in the document should be added to step through acquiring an Elastic IP Address for the Process Server.

    Thanks Keith for your feedback; we will update the document to reflect this. We will look into improving this functionality in the released version.
    Thx - Srinath

  • Static NAT and same IP address for two interfaces

    We have a Cisco ASA 5520 and in order to conserve public IP addresses and configuration (possibly) can we use the same public IP address for a static NAT with two different interfaces? Here is an example of what I'm referring to, where 10.10.10.10 would be the same public IP address.
    static (inside,Outside) 10.10.10.10  access-list inside_nat_static_1
    static (production,Outside) 10.10.10.10  access-list production_nat_static_1
    Thanks for any help.
    Jeff

    Hi Jeff,
    Unfortunately this cannot be done, on the ASA packet classification is done on the basis of mac-address, destination nat and route, and here you are confusing the firewall, to which interface does the ip belong to. I haven't ever tried to do it, but it should cause you issues.
    Thanks,
    Varun Rao
    Security Team,
    Cisco TAC

  • Public IP address requirement for a Public facing SharePoint 2013 website.

    I am planning to implement a public facing website on SharePoint 2013 platform. Following are the proposed server setup.
    2 x Web Front End (WFE) hosting SharePoint 2013 (Load Balanced)
    2 x  Search and Application server hosting SharePoint 2013 (Load Balanced)
    2 x Application Server (non-SharePoint with separate .NET web applications linked through SharePoint site)
    2 x SQL 2012 Servers (Clustered with two instances for SharePoint and .NET applications)
    I understand that SQL servers will not require a public IP. What about other servers? Also, there is no tight integration between the Application (# 3) and SharePoint servers. It is just a hyperlink provided on the WFE website. In this scenario, do we need public IPs for # 2 and 3?
    Thanks in advance!
    LM

    Hi,
    In your scenario, if your Application servers run apps that need to be accessed from the Internet, these need to be published as well. Your Search And Application hosting SharePoint 2013 (SharePoint app servers) don't need to be connected to the internet.
    So all in all, make sure you publish your WFE's (using your load-balancer IP) and your Application (Non-SharePoint, through load-balancer).
    The best way to do this is using a reverse proxy to publish your SharePoint and application servers. This means you only need 1 public IP address in this scenario.
    If you need more guidance, let us know.
    Nico Martens
    SharePoint/Office365/Azure Consultant

  • Multiple Public IP Addresses To Be Used For DMZ - ASA 5505 - IOS 8.4(2)

    I'm trying to figure out how to forward an IP address to my DMZ servers allowing me to use the ACL to control access to the servers within my DMZ interface (LAN).  I can't figure out if the ASA handles that automatically when a NAT rule is created, or maybe when an ACL is created, or do I need to add it when configuring the interface (outside)?  Ex: IP Address: 1.1.1.1, 2.2.2.2, 3.3.3.3
    Notes:
    - I'm using the ASDM but can use CLI if needed.
    - All IP address are fictitious of course.
    - I currently have a public IP address of 1.1.1.1 that is used for all traffic coming from the ASA (including my NATed inside traffic).
    - My local LAN subnet is 10.10.10.0/24.
    - My DMZ subnet for my servers is 10.10.20.0/24.
    - I have an IP address I want to use (public) of 2.2.2.2 that would be forwarded to my DMZed server of 10.10.20.2.
    - I have an IP address I want to use (public) of 3.3.3.3 that would be forwarded to my DMZed server of 10.10.20.3.

    Hi,
    I am not sure if I understood you correctly.
    Are you just asking how to configure Static NAT for your DMZ servers and allow traffic to them?
    If so the basic NAT configuration format would be
    object network SERVER-1
    host 10.10.20.2
    nat (DMZ,outside) static 2.2.2.2 dns
    object network SERVER-2
    host 10.10.20.3
    nat (DMZ,outside) static 3.3.3.3 dns
    The above 2 "object network" create the Static NAT between the internal private and external public IP addresses.
    access-list OUTSIDE-IN remark Allow traffic to DMZ servers
    access-list OUTSIDE-IN permit tcp any object SERVER-1 eq www
    access-list OUTSIDE-IN permit tcp any object SERVER-2 eq ftp
    access-group OUTSIDE-IN in interface outside
    The above creates an ACL which allows for example HTTP traffic to SERVER-1 and FTP traffic to SERVER-2. Finally the last command attaches the ACL to the "outside" interface. If you already have an ACL attached to the "outside" interface then you naturally use that one.
    Those are just simple examples.
    Please let me know if I understood you incorrectly or if I missed something.
    - Jouni
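
To see what that configuration exposes, the sketch below parses it and lists which public address and service reach which DMZ host (an added example, not part of the original answer). It only understands the `permit <proto> any object <NAME> [eq <port>]` form used above, and the function names are hypothetical.

```python
import re

# Sample input: the configuration lines from the answer above.
ASA_CONFIG = """\
object network SERVER-1
 host 10.10.20.2
 nat (DMZ,outside) static 2.2.2.2 dns
object network SERVER-2
 host 10.10.20.3
 nat (DMZ,outside) static 3.3.3.3 dns
access-list OUTSIDE-IN remark Allow traffic to DMZ servers
access-list OUTSIDE-IN permit tcp any object SERVER-1 eq www
access-list OUTSIDE-IN permit tcp any object SERVER-2 eq ftp
access-group OUTSIDE-IN in interface outside
"""


def parse_objects(config):
    """Map object name -> {'host': real IP, 'public': static NAT IP or None}."""
    objects, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"object network (\S+)$", line):
            current = objects.setdefault(m.group(1), {"host": None, "public": None})
        elif current is not None and (m := re.match(r"host (\S+)$", line)):
            current["host"] = m.group(1)
        elif current is not None and (
            m := re.match(r"nat \(\S+?,\S+?\) static (\S+)", line)
        ):
            current["public"] = m.group(1)
        else:
            current = None                    # any other line ends the object block
    return objects


def exposure(config):
    """Return sorted (public IP, service, real IP) tuples permitted by bound ACLs."""
    objects = parse_objects(config)
    # Only ACLs attached with access-group actually filter traffic.
    bound = set(re.findall(r"^access-group (\S+) in interface \S+", config, re.M))
    ace = re.compile(
        r"^access-list (\S+) (?:extended )?permit (\S+) any object (\S+)(?: eq (\S+))?",
        re.M,
    )
    rows = []
    for acl, proto, name, port in ace.findall(config):
        obj = objects.get(name)
        if acl not in bound or obj is None or obj["public"] is None:
            continue                          # unbound ACL, or no static NAT for the object
        rows.append((obj["public"], f"{proto}/{port or 'any'}", obj["host"]))
    return sorted(rows)


if __name__ == "__main__":
    for public, service, real in exposure(ASA_CONFIG):
        print(f"{public} {service} -> {real}")
```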

  • What's the purpose when we config ipv6 address for an interface with 128bit mask

    What's the purpose when we config ipv6 address for an interface with 128bit mask?
    Thanks

    If you configure a loopback-interface you can use a /128 there.
    "Normal" interfaces should always use /64 (RFC 4291) while on router-to-router-links you can use a /127 (RFC 6164).

  • Configure WRT54G Wireless Router with PUBLIC IP address and use DHCP for internal computers

    Hi, I have an Internet online service with 5 public IP addresses. The router and the AP are connected to a switch. I would like to configure a WRT54G wireless router with one of these public IP addresses and use DHCP (with private IP addresses) for the computers that will connect to the AP. As the AP is connected to the switch, is it possible that other wired computers that are connected to the same switch can obtain an IP address from the DHCP?
    Thanks in advance

    Thanks for your help. Please correct me if I'm wrong. After connecting the equipment the way you suggest, I set up a static IP address (the public IP) in the WRT54G. I enable DHCP in the WRT54G with a range from 10.10.0.100 to 10.10.0.200 (as an example). The gateway is the public IP address, right? How do I route the 10.10.0.x addresses to the public IP address? Thanks again

  • Netopia 4686XL USA Public IP address to Linksys WRTU54G-TM for Netflix USA IP

    I have a stack of public IPs on my Ethernet router, a Netopia 4686XL, which is on a T1 connection in the USA. I have multiple Linksys routers, model WRTU54G-TM (T-Mobile @Home Router), which I use as routers at various locations other than my office. I would like to get a public IP from my office Ethernet router (primary router on a static IP with T1 speed) to get one of the public IP addresses on my Netflix device through a Linksys router which is at a remote location with various ISPs (Cable vision, Optimum online, Verizon FIOS, Vidiotron.ca CANADA, Airtel INDIA, BSNL INDIA, and more) where I have basic internet service. I want to get the USA IP address from my office location so I can overcome the issue of Netflix. There is the Advanced Routing page in the Linksys router (192.168.1.1/Advanced-Routing-Router.htm) where I should be able to point to the public IP using static IP routing, but I do not know how to configure it. I have set up a static address on the Linksys client so the device will always be on the private address 192.168.1.100. Step-by-step directions will be helpful due to many hours of research without any success.

    Hi there. Static Routing is actually possible but only through a local network. May I ask, what is the issue you are having by the way with Netflix?
