Channel: Forefront Edge Security – DirectAccess, UAG and IAG Forum

Open UDP Port 500 on Direct Access Clients for Manage Out?


I'm currently facing a weird issue. A while ago I configured a Direct Access cluster (2-node NLB). I've also configured ISATAP connectivity to allow manage-out from a limited set of hosts. HTTPS. Ping connectivity from the ISATAP host is working just fine.

The problem that I'm seeing is the following: I've got two clients that are, as far as I can tell, identical, and I'm able to remotely open the registry on one client but not on the other. Other services such as remote desktop, file browsing, etc. all fail on one but succeed on the other.

Initially I added some rules in the firewall to make this scenario work (e.g. enable TCP 445, etc.) on the public/private profiles. Either way, from a firewall rule base perspective they also appear to be the same...

Yet one host works and the other fails. The failing one seems to be dropping UDP 500 traffic originating from the internal IPv6 VIP of the DA cluster. If I allow this address, all is fine...

Is there anyone with an explanation? I'm really curious...


http://setspn.blogspot.com
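The post above compares two DirectAccess clients by hand and infers that the failing one drops IKE (UDP 500) from the DA cluster's internal IPv6 VIP. The following PowerShell is an added example, not code from the original poster: it enumerates every inbound firewall rule that covers UDP 500/4500 so the two clients can be diffed, shows which network category each interface is in (the post adds its rules to the public/private profiles), turns on dropped-packet logging so the UDP 500 drop can be confirmed in pfirewall.log rather than inferred, and finally creates the VIP-scoped allow rule the post reports as the workaround. It assumes the NetSecurity module (Windows 8 / Server 2012 and later); `$DaVip` and the rule display name are placeholders, not values from the post.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell
# session on each client. Assumes the NetSecurity module (Windows 8 / 2012+).
# $DaVip and the rule display name are placeholders, not values from the post.

function Get-IkeFirewallRules {
    # Lists every inbound rule whose port filter covers UDP 500 (IKE) or
    # UDP 4500 (NAT-T), with profile, state and remote-address scope, so the
    # output from the working and the failing client can be compared.
    [CmdletBinding()]
    param([int[]]$Ports = @(500, 4500))

    Get-NetFirewallRule -Direction Inbound | ForEach-Object {
        $rule = $_
        $port = $rule | Get-NetFirewallPortFilter
        if ($port.Protocol -notin 'UDP', 'Any') { return }   # 'return' skips this rule

        # LocalPort can be 'Any', one port, a range such as '500-4500', a list,
        # or a keyword like 'Teredo'; only numeric values are compared.
        $hit = $false
        foreach ($p in @($port.LocalPort)) {
            if ($p -eq 'Any') { $hit = $true; break }
            if ($p -match '^(\d+)-(\d+)$') {
                $lo = [int]$Matches[1]; $hi = [int]$Matches[2]
                if (@($Ports | Where-Object { $_ -ge $lo -and $_ -le $hi }).Count -gt 0) {
                    $hit = $true; break
                }
            } elseif ($p -match '^\d+$' -and $Ports -contains [int]$p) { $hit = $true; break }
        }
        if (-not $hit) { return }

        $addr = $rule | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Name          = $rule.DisplayName
            Enabled       = [string]$rule.Enabled
            Action        = [string]$rule.Action
            Profile       = [string]$rule.Profile
            LocalPort     = (@($port.LocalPort) -join ',')
            RemoteAddress = (@($addr.RemoteAddress) -join ',')
        }
    }
}

function Get-ActiveNetworkCategory {
    # A DA client reached from the Internet is in the Public or Private profile,
    # so rules created only for the Domain profile never apply to it.
    Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory, IPv6Connectivity
}

function Enable-DroppedPacketLogging {
    # Log blocked packets on the non-domain profiles so the drop can be seen.
    param([string]$LogPath = '%systemroot%\system32\LogFiles\Firewall\pfirewall.log')
    Set-NetFirewallProfile -Profile Public, Private -LogBlocked True -LogFileName $LogPath
}

function Find-DroppedIke {
    # pfirewall.log fields: date time action protocol src-ip dst-ip src-port dst-port ...
    # Returns the DROP lines for UDP traffic from $DaVip to local port 500.
    param(
        [Parameter(Mandatory)][string]$DaVip,
        [string]$LogPath = "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"
    )
    Get-Content $LogPath | Where-Object {
        $f = $_ -split ' '
        $f.Count -gt 7 -and $f[2] -eq 'DROP' -and $f[3] -eq 'UDP' -and
            $f[4] -eq $DaVip -and $f[7] -eq '500'
    }
}

function Add-DaIkeAllowRule {
    # The workaround the post reports: allow IKE from the DA cluster's internal
    # IPv6 VIP only, instead of opening UDP 500 to any remote address.
    param(
        [Parameter(Mandatory)][string]$DaVip,
        [string]$DisplayName = 'DirectAccess manage-out - IKE (UDP 500) from DA VIP'  # placeholder name
    )
    New-NetFirewallRule -DisplayName $DisplayName -Direction Inbound -Action Allow `
        -Protocol UDP -LocalPort 500 -RemoteAddress $DaVip -Profile Public, Private
}

# Usage: on each client, export the rule set, then diff the two exports on one box.
#   Get-IkeFirewallRules | Export-Clixml "$env:COMPUTERNAME-ike.xml"
#   Compare-Object (Import-Clixml working-ike.xml) (Import-Clixml failing-ike.xml) `
#       -Property Name, Enabled, Action, Profile, LocalPort, RemoteAddress
#   Enable-DroppedPacketLogging; <reproduce the manage-out attempt>; Find-DroppedIke -DaVip '<VIP>'
```

The `Compare-Object` output is what answers the poster's "they appear to be the same" question: any rule that exists, is enabled, or has a different remote-address scope on only one client shows up with a side indicator. On Windows 7 clients the NetSecurity module is not available; `netsh advfirewall firewall show rule name=all dir=in verbose` produces equivalent text that can be saved from both hosts and diffed the same way.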

