Remote Access VPN Test Lab Extension: Adding IPv6 Connectivity

  • Article

This Remote Access VPN Test Lab Extension describes how to configure IPv6 connectivity for the Corpnet subnet and for remote access VPN clients. You add native IPv6 connectivity to the Corpnet subnet, reconfigure EDGE1 to support IPv6 over remote access connections, and then test end-to-end IPv6 connectivity between CLIENT1 and APP1 on the Corpnet subnet.

Note  These instructions are designed for a working remote access VPN test lab that has been configured based on the instructions in the Test Lab Guide: Demonstrate Remote Access VPNs.

If you are running the remote access VPN test lab in a virtual environment, you can create snapshots of the virtual machines (VMs) for all of the test lab computers before performing the following procedures.

Configuring and Demonstrating IPv6 Connectivity over Remote Access VPNs
To demonstrate the lack of IPv6 connectivity between CLIENT1 and APP1 with the default remote access VPN test lab:

  1. On APP1, click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
  2. In the Command Prompt window, type ipconfig, and then press ENTER. Notice the IPv6 address assigned to the Local Area Connection beginning with "fe80". Write it here: __________________________________
  3. Connect CLIENT1 to the Internet subnet.
  4. On CLIENT1, click the network icon in the notification area, click Open Network and Sharing Center, and then click Change adapter settings.
  5. In the Network Connections folder, double-click VPN Connection, and then click Connect. The VPN connection should complete successfully.
  6. Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
  7. In the Command Prompt window, type ping APP1_IPv6_Address, where APP1_IPv6_Address is the address recorded in step 2, and then press ENTER. This should fail with "Destination host unreachable" messages.
  8. In the Network Connections folder, right click VPN Connection, and then click Disconnect.

Although both CLIENT1 and APP1 by default have IPv6 installed and enabled, they are configured with link-local IPv6 addresses (beginning with "fe80"), which only provides connectivity on the same subnet. Since CLIENT1 is on a different subnet than APP1, pinging APP1's link-local address fails.

For IPv6 connectivity between CLIENT1 on the Internet and APP1 over a remote access VPN connection, we must configure the Corpnet subnet for native IPv6 connectivity and configure EDGE1 to act as an IPv6-capable remote access server.

To add native IPv6 connectivity to the Corpnet subnet, do the following:

  1. On EDGE1, click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
  2. In the Command Prompt window, type netsh interface ipv6 add route 2001:db8:0:1::/64 interface=Corpnet publish=yes, and then press ENTER.
  3. In the Command Prompt window, type netsh interface ipv6 add route ::/0 interface=Internet nexthop=fe80::1 publish=yes, and then press ENTER.
  4. In the Command Prompt window, type netsh interface ipv6 set interface Corpnet forwarding=enabled advertise=enabled, and then press ENTER.
  5. In the Command Prompt window, type ipconfig, and then press ENTER. Notice the new IPv6 address starting with “2001:db8:0:1” assigned to the Corpnet interface and the default gateway of fe80::1 assigned to the Internet interface.
  6. On APP1, in the Command Prompt window, type ipconfig. Notice the new IPv6 address starting with “2001:db8:0:1” and the default gateway beginning with "fe80" assigned to the Local Area Network interface.
  7. On DC1, click Start, point to Administrative Tools, and then click DNS.
  8. In the console tree, open DC1\Forward Lookup Zones\corp.contoso.com. Notice the AAAA records for the IPv6 addresses starting with "2001:db8" that are assigned to DC1, EDGE1, and APP1. Write down the IPv6 address for APP1 here: _________________________________________
  9. On EDGE1, in the Command Prompt window, ping APP1's address beginning with "2001:db8". This should be successful.

To add IPv6 connectivity over remote access VPN connections to EDGE1, do the following:

  1. On EDGE1, click Start, point to Administrative Tools, and then click Routing and Remote Access.
  2. In the console tree, right-click EDGE1, and then click Properties.
  3. On the General tab, select IPv6 Remote access server, and then click the IPv6 tab.
  4. In IPv6 prefix assignment, type 2001:db8:0:9999::. In Adapter, click Corpnet, and then click OK.
  5. When prompted to restart the router, click Yes.

To test IPv6 connectivity over remote access VPN connections to APP1, do the following:

  1. On CLIENT1, in the Network Connections folder, double-click VPN Connection, and then click Connect.
  2. In the Command Prompt window, type ipconfig, and then press ENTER. Notice the new IPv6 address starting with "2001:db8:0:9999" and the default gateway IPv6 address starting with "fe80" assigned to the PPP adapter VPN Connection. These values were assigned by EDGE1 during the VPN connection process.
  3. In the Command Prompt window, type ping app1. This should be successful. Notice that the IPv6 address is the same as APP1's IPv6 address in step 8 above.
  4. On APP1, click the network icon in the notification area, click Open Network and Sharing Center, and then click Change adapter settings.
  5. In the Network Connections folder, right-click Local Area Connection, and then click Properties.
  6. Clear Internet Protocol Version 4 (TCP/IPv4) in the list of items, and then click OK.
  7. On CLIENT1, in the Command Prompt window, type ping 10.0.0.3, and then press ENTER. This should fail with "Request timed out" messages because APP1 no longer is configured to use IPv4.
  8. From the taskbar, click the Internet Explorer icon.
  9. In the Address bar, type http://app1.corp.contoso.com/, and then press ENTER.  You should see the default IIS 7 web page for APP1.
  10. Click Start, type \app1\Files, and then press ENTER. You should see a folder window with the contents of the Files shared folder.
  11. In the Files shared folder window, double-click the Example.txt file. You should see the contents of the Example.txt file.
  12. Close the example.txt - Notepad and the Files shared folder windows.
  13. In the Network Connections folder, right click VPN Connection, and then click Disconnect.

With this new configuration, CLIENT1 can access the resources of APP1 using IPv6 over the remote access VPN connection.

If you are running the remote access VPN test lab in a virtual environment, you can discard the changes made by these procedures by restoring the previously made snapshots of the VMs for all of the computers in the test lab. Alternately, if you would like return to this working remote access VPN configuration with IPv6 enabled, you can create a new set of snapshots before restoring the previously made snapshots.

To manually restore the configuration of the remote access VPN test lab, perform the following procedure.

**Restoring the Remote Access VPN Test Lab
**To restore the remote access VPN test lab to its original configuration:

  1. On APP1, in the Network Connections folder, right-click Local Area Connection, and then click Properties.
  2. Select Internet Protocol Version 4 (TCP/IPv4) in the list of items, and then click OK.
  3. On EDGE1, in the console tree of the Routing and Remote Access snap-in, right-click EDGE1, and then click Properties.
  4. On the General tab, clear IPv6 Remote access server, and then click the IPv6 tab.
  5. In IPv6 prefix assignment, type ::. In Adapter, click Allow RAS to select adapter, and then click OK.
  6. When prompted to restart the router, click Yes.
  7. In the Command Prompt window, type netsh interface ipv6 delete route 2001:db8:0:1::/64 interface=Corpnet, and then press ENTER.
  8. In the Command Prompt window, type netsh interface ipv6 delete route ::/0 interface=Internet, and then press ENTER.
  9. In the Command Prompt window, type netsh interface ipv6 set interface Corpnet forwarding=disabled advertise=disabled, and then press ENTER.
  10. In the Command Prompt window, type ipconfig, and then press ENTER. Notice that the Corpnet interface now only has an IPv6 address beginning with "fe80".
  11. On CLIENT1, in the Network Connections folder, double-click VPN Connection, and then click Connect.
  12. In the Command Prompt window, type ipconfig, and then press ENTER. Notice that the PPP adapter VPN Connection no longer has an IPv6 address or IPv6-based default gateway.
  13. In the Network Connections folder, right click VPN Connection, and then click Disconnect.