Channel: Forefront Edge Security – DirectAccess, UAG and IAG Forum

Direct Access Clients with Force Tunnels Cannot Access Some External Websites


I have been testing the deployment of a Direct Access (standalone) server and I have most everything working the way I want; however, I discovered that some public websites will not work from the test Direct Access client when connected remotely. For example, going to msn.com or ipchicken.com works just fine (and ipchicken does report the corporate gateway IP); however, google.com and facebook.com do not work.

In troubleshooting, I observed that for any website for which an nslookup returns an IPv6 address, the client computer will not be able to access the page. If the nslookup only returns IPv4 addresses, then the client can access the page. (This may be a coincidence; however, it has been holding true.)

The DA server has a single NIC behind a NAT. We do not have an IPv6 gateway. IPHTTPS is the translation technology in use. My speculation is that when clients query DNS from the DA server, if the DA server finds a public IPv6 address, then that address is returned to the client. Then the client sends the web request through the DA server to the IPv6 endpoint. Once it gets to our DA server, we do not have an IPv6 gateway, so I imagine that is where it stops and thus fails to return the webpage to the client.

If I am on the right track, what I really need help with is figuring out how to force the DA server to only return public IPv4 addresses. If I am out in left field, please help me get back on track.

Thank you.


ZNS

