
Microsoft Direct Access and User-id in an IPv4 Environment confusion


Hello,

We have a Microsoft 2012 DA installation that enables clients to attach to our internal Infrastructure.  The clients all end up with IPv6 addresses, and the DA server uses 6to4 translation for the clients to get to services.  Problem I am finding is that when these clients log onto DA, our AD sees them all coming from the same IPv4 address.  So I can't enforce proper URL Filtering based on user-id as the user-id that the firewall sees is constantly changing based on the AD logs seen by the agent.

I have attempted to use Captive Portal, both using NTLM and without (just using the portal page), and to ignore IDs learnt from the AD logs on the DA subnet, but the result is essentially the same, as once another user logs in, the firewall thinks the IP/User relationship has changed again.

Obviously you can get round this with Terminal Servers or Citrix servers using the specific agent.  I have tried to install the agent on DA, but it won't install (Not really that surprising!)  What is the correct answer in this instance?  I can't convert my network to IPv6 to run DA natively, and I'm not sure what else we can do.

At the moment I think we may have to buy a Proxy just for this purpose which is not really what we want to be doing.

Any help much appreciated!
