ManageOut with BIG-IP design

Hi, I have setup a single Win2012 DA server with Win7 Clients and it works pretty good.

Now the plan is to add a second server with BIG-IP as the external load balancer. I have 2 questions about this.

1. For ManageOut-enabled Clients (typical Helpdesk computers), I understand that they need native IPv6. If I understand correctly, those ManageOut Clients, they need to have an IPv6 address in the same range as the DA servers. The DA server (and the internal network) initially did not have any IPv6 address and the DA wizard created automatically an fdf1: address with a /64 prefix. My plan was to add IPv6 addresses in the same range to MangeOut Clients. But according to documentation, if you use an external load balancer, you need to change to a /59 prefix.

Does the "Enable load balancing" wizard in Remote Access do this automatically?

2. In order for ManageOut to be redundant, I believe I have to make the IPv6 default gateway on the ManageOut Clients to the VIP Interface of BIG-IP, am I correct?

February 3rd, 2015 4:22am

Hi,

About the /59, I would say Yes but I can't remember.
Maybe I changed it before moving to NLB.

For the rest, you created a IPv4 DirectAccess infrastructure and now have NAT64 IPv6 addresses for your clients.
For me, the manage-out scenario should be ISATAP but it is not supported (and disabled in the server's firewalls) if you implement a NLB Cluster with this configuration.


The good way should be to reinstall your infrastructure with IPv6 connectivity between the DirectAccess servers and your internal infrastructure.
With this configuration, you can use an internal F5 Big-IP for Manage-out.

Gerald



Free Windows Admin Tool Kit Click here and download it now
February 3rd, 2015 9:11am

Hi,

About the /59, I would say Yes but I can't remember.
Maybe I changed it before moving to NLB.

For the rest, you created a IPv4 DirectAccess infrastructure and now have NAT64 IPv6 addresses for your clients.
For me, the manage-out scenario should be ISATAP but it is not supported (and disabled in the server's firewalls) if you implement a NLB Cluster with this configuration.


The good way should be to reinstall your infrastructure with IPv6 connectivity between the DirectAccess servers and your internal infrastructure.
With this configuration, you can use an internal F5 Big-IP for Manage-out.

Gerald



February 3rd, 2015 5:11pm

Hi,

About the /59, I would say Yes but I can't remember.
Maybe I changed it before moving to NLB.

For the rest, you created a IPv4 DirectAccess infrastructure and now have NAT64 IPv6 addresses for your clients.
For me, the manage-out scenario should be ISATAP but it is not supported (and disabled in the server's firewalls) if you implement a NLB Cluster with this configuration.


The good way should be to reinstall your infrastructure with IPv6 connectivity between the DirectAccess servers and your internal infrastructure.
With this configuration, you can use an internal F5 Big-IP for Manage-out.

Gerald



Free Windows Admin Tool Kit Click here and download it now
February 3rd, 2015 5:11pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics