ISATAP setup on Windows clients

Recently ran into the question of how to configure ISATAP adaptors on our Windows machines. ISATAP is an IPv6 transition mechanism which relies on an IPv4 infrastructure to automatically configure IPv6 addresses which can be used within a site. It doesn’t generally provide any external routeability to the wider world via IPv6 and acts as a workaround to avoid full IPv6 deployment, in this case for an implementation of Microsoft’s DirectAccess.

This assumes you have already configured your ISATAP router.

Configuration on clients is mostly automatic. It relies on two things being true, the first is that your hosts can resolve the DNS alias “isatap” on your local network (e.g. isatap.mycompany.local). This allows them to locate the ISATAP router. Second ISATAP itself needs to be enabled. This can be done using this command:

netsh interface isatap set state enabled

Alternatively you can enable this using Group Policy by editing the following policy:

Computer Configuration\Policies\Administrative Templates\Network\TCPIP Settings\IPv6 Transition Technologies\ISATAP State

The value of:

netsh interface isatap show router

Should generally show:

Router Name            : default
Use Relay : default
Resolution Interval : default

You can set the router name manually using either a netsh set command:

netsh interface isatap set router somerouter

Or via Group Policy.

After running these commands the output of ipconfig should change to show fe80:: link-local IPv6 addresses for the isatap adaptors and, all being well, a 2002:: isatap address as well.

If not check your DNS configuration, one thing you might need to do is to remove a block on the isatap name resolving:

And lots more troubleshooting for ISATAP/DirectAccess here: