Now that we have a test lab from parts 1 and 2, we can get to the business of actual ISATAP configuration.
- Configure ISATAP Server
- Configure Routes
- Configure DNS
Configure ISATAP Server
Here’s what we’ll need to do:
- Configure the name and interfaces
- Enable the ISATAP interface.
- Configure the Routes.
This is no biggie. Run this code on isatap1.
    # Rename the adapter, then assign the static IPv4 and IPv6 addresses
    Rename-NetAdapter -Name "Ethernet" -NewName "net1"
    New-NetIPAddress -IPAddress 10.10.10.25 -PrefixLength 24 -InterfaceAlias net1
    New-NetIPAddress -IPAddress fd1a:6cf8:7eeb:401::25 -PrefixLength 64 -InterfaceAlias net1
    # IPv4 default route and DNS server
    New-NetRoute -InterfaceAlias "net1" -DestinationPrefix 0.0.0.0/0 -NextHop 10.10.10.1
    netsh interface ipv4 add dnsservers net1 10.10.10.10 index=1
    # Join the domain under the new computer name and reboot
    Add-Computer contoso.com -NewName isatap1 -Restart
Enable the ISATAP Interface
A lot of people configure a DNS record to enable ISATAP, which is fine. However, you want the ISATAP router to continue to have ISATAP enabled even if DNS is down. To do this, we’ll add a host entry on isatap1 itself.
    echo 10.10.10.25 isatap.contoso.com >> C:\windows\system32\drivers\etc\hosts
    echo 10.10.10.25 isatap >> C:\windows\system32\drivers\etc\hosts
Now, if you disable and enable the network adapter, and then run ipconfig, you’ll see that the ISATAP adapter has switched from ‘Media Disconnected’ to online.
You need to reboot the ISATAP router at this point to make sure that the ISATAP interface is online and working properly, and that the routing tables have been updated.
Configure the Routes
First, we need to choose a prefix for our ISATAP addresses. For our lab, I chose fd1a:6cf8:7eeb:500::/64.
Next comes the tricksy part. Code:
    # First, find the interface name of your LAN adapter and your ISATAP adapter.
    Get-NetAdapter

    # After the following commands, clients will have an ISATAP address enabled, but they'll have no default gateway.
    # In this configuration, ISATAP is technically enabled and hosts can communicate, but they cannot reach other native IPv6 links.
    netsh interface ipv6 set interface [#-of-isatap-adapter] advertise=enabled
    netsh interface ipv6 add route fd1a:6cf8:7eeb:500::/64 [#-of-isatap-adapter] publish=yes

    # After the following commands, clients will have a default gateway for their ISATAP interface and be able to use it.
    netsh interface ipv6 set interface [#-of-LAN-adapter] forwarding=enabled
    netsh interface ipv6 set interface [#-of-isatap-adapter] forwarding=enabled
    netsh interface ipv6 add route ::/0 [#-of-LAN-adapter] nexthop=fd1a:6cf8:7eeb:400:: publish=yes
There’s only one problem left. Since rras1 doesn’t have a route to fd1a:6cf8:7eeb:500::/64, clients on net1 and net2 won’t be able to reach clients on net3. To fix this, log in to rras1 and run the following code:
    # Get the network interface numbers
    Get-NetAdapter
    netsh interface ipv6 add route fd1a:6cf8:7eeb:500::/64 [#-of-net1] nexthop=fd1a:6cf8:7eeb:401::25
Now, you’re golden. The ISATAP router should be up and running.
To enable ISATAP site-wide, we need to do some work on adds1:
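    # Leave only wpad on the global query block list, so that queries for "isatap" are answered
    Set-DnsServerGlobalQueryBlockList -List wpad
    # Point isatap.contoso.com at the ISATAP router
    Add-DnsServerResourceRecordCName -ZoneName contoso.com -Name isatap -HostNameAlias isatap1.contoso.com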
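The DNS step above, as an added example that is not part of the original post: `Set-DnsServerGlobalQueryBlockList -List wpad` overwrites the whole block list, so this variant removes only `isatap` and then checks that the only record answering for the name is the static CNAME to isatap1. It generalizes the step to servers whose block list has been customized; the variable names are illustrative, and the zone and host names are the lab values from this page.

```powershell
# Added example (not from the original post). Run on adds1.
# Zone, record name and target are the lab values used on this page.
$zone   = 'contoso.com'
$name   = 'isatap'
$target = 'isatap1.contoso.com'

# 1. Unblock only 'isatap', keeping every other entry already on the list.
$current = @((Get-DnsServerGlobalQueryBlockList).List)
$keep    = @($current | Where-Object { $_ -ne $name })
if ($current -contains $name) {
    if ($keep.Count -gt 0) {
        Set-DnsServerGlobalQueryBlockList -List $keep
    } else {
        Write-Warning "'$name' is the only entry on the block list; left unchanged."
    }
}

# 2. List every record at the 'isatap' node. The only one expected is the
#    static CNAME to isatap1; a dynamic record (one with a Timestamp) or any
#    other type means some other host is answering for the name.
$records = @(Get-DnsServerResourceRecord -ZoneName $zone -Name $name -Node -ErrorAction SilentlyContinue)
$report = foreach ($r in $records) {
    $data = switch ($r.RecordType) {
        'CNAME' { $r.RecordData.HostNameAlias }
        'A'     { $r.RecordData.IPv4Address }
        'AAAA'  { $r.RecordData.IPv6Address }
        default { '(other)' }
    }
    [pscustomobject]@{
        Type     = $r.RecordType
        Data     = "$data"
        Static   = ($null -eq $r.Timestamp)
        Expected = ($r.RecordType -eq 'CNAME' -and "$data".TrimEnd('.') -eq $target)
    }
}
$report | Format-Table -AutoSize

$unexpected = @($report | Where-Object { -not $_.Expected -or -not $_.Static })
if ($records.Count -eq 0) {
    Write-Warning "No '$name' record in $zone; clients will not find the ISATAP router."
} elseif ($unexpected.Count -gt 0) {
    Write-Warning "$($unexpected.Count) unexpected or dynamic '$name' record(s) in $zone."
} else {
    "OK: $name.$zone is a single static CNAME to $target"
}
```

Re-running the check after clients have rebooted shows whether any of them has dynamically registered the `isatap` name now that it is no longer blocked.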
Alright. To test things out, reboot your clients to ensure that the ISATAP interface comes online. Next, try to ping the ISATAP interface of client3 from client1 and client2, and vice versa. Everything should work at this point.