Remote access clients that are running Windows Vista cannot access Routing and Remote Access Service servers that use IPv6

SYMPTOMS
Remote access clients that are running Windows Vista cannot access Routing and Remote Access Service servers that use IPv6 or the computers behind the servers.

CAUSE
Assume that you have used remote access policy to add Point-to-Point Protocol (PPP) connection-based IPv6 filters to Routing and Remote Access Service static filters. For example, you configure remote access policy to enable only TCP port 80 to carry traffic. In this scenario, the remote access policy will block all traffic except the traffic that is specified in the policy. The blocked traffic includes Internet Control Message Protocol (ICMP) v6 neighbor discovery (ND) packets. These packets are required for clients to reach Routing and Remote Access Service servers that use IPv6 or the computers behind these servers.

Note Routing and Remote Access Service servers that use IPv4 do not require ICMPv6 ND packets. Therefore, this issue does not occur if Routing and Remote Access Service servers use IPv4.

RESOLUTION
1. To resolve this issue, follow these steps:
2. Locate and then open the remote access policy.
3. Click the Settings tab, and then click IP Filters.
4. Under IPv6, click Input Filters.
5. Add the following explicit filters to enable ICMPv6 ND packets to be received:
- IPv6 Next header type == 58, ICMP header type = 133
- IPv6 Next header type == 58, ICMP header type = 134
- IPv6 Next header type == 58, ICMP header type = 135
- IPv6 Next header type == 58, ICMP header type = 136
- IPv6 Next header type == 58, ICMP header type = 137