Firewall design considerations depend largely on the protocol and IP version involved in the Remote Access solution. For example, if the Remote Access server is IPv4-based, certain firewall exceptions are required, as listed in Table 3-1.
Remote Access servers using IPv6 have the exceptions listed in Table 3-2.
TABLE 3-2 Remote Access Server Exceptions
Other firewalls should also allow traffic for Internet Protocol 41 for ISATAP as well as TCP/ UDP for IPv4 and IPv6 traffic between the Remote Access server and the client. If Teredo is being used, Internet Control Message Protocol (ICMP) should also be allowed.
