Today’s tip…

Direct Access now includes NAT64 and DNS64 support.

This is really a big deal! Windows 2008 R2 Direct Access required that all internal resources be reachable directly using an IPv6 address.  This meant one of two things for the typical administrator considering implementing Direct Access…

  • The internal network and computers had to be configured for native IPv6.  Most companies have not implemented IPv6 internally and doing so would be a large scale endeavor.
  • Deploy an ISATAP server that would allow clients to automatically configure an ISATAP address.  This could be messy on a large network.

NAT64 and DNS64 support provide a smoother deployment without requiring IPv6 connectivity to internal resources.

DNS64 provides support for converting an IPv4 DNS response into a memory mapped IPv6 address that is sent to the Direct Access client.  The Direct Access client communicates to the mapped IPv6 address, the NAT64 component translates the traffic to the appropriate IPv4 address for the internal resource.  The bottom line is that Direct Access requires no changes to the internal IPv4 network, providing a smooth and easy deployment.