Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Plz Help: IPv6 LAN Deployment to VM's Windows 2008 R2 / Win7 + domain / VMWare

Started by hacktics, October 21, 2011, 02:17:49 PM


hacktics

Hello :)
For the purpose of experimenting and learning I want to construct what might as well just be an impossible configuration. However, I've been browsing these forums for the past 2 days and found lots of "Almost just like that..."-topics. The most recent topic I tried to struggle through was this one:
http://www.tunnelbroker.net/forums/index.php?topic=873.45

At some page, a whole bunch of netsh lines are given, supposedly to configure a tunnel server in a LAN-routed environment. Well, I tried just too much, and I've just reset to previous snapshots enough till I get a really clear solution specifically tailored to my situation. I've been at it for hours and days, but I'm probably missing something. At one point I got my tunnel presenting routable addresses to the VMs but I have not been able to reproduce the netsh mess I made in that case.

Let me explain:
- I'm behind a NAT/Internet Gateway Device (popularly referred to as a router, but it's one of those consumer all-in-one devices, el-cheapo)
- My LAN uses 192.168.1.0/24 with 1Gbit local network, routed and switched.
- All clients use DHCP *.100 to *.200
- My workstation has a fixed/static IPv4 address assigned to the VMWare Bridge adapter: 192.168.1.11
- I have set up a small domain environment in VMWare Workstation 8, on a rather powerful workstation.
- In VMWare I have a Team with 2x Windows 2008 R2 64bit servers and 2x Windows 7 Enterprise 64bit clients (maybe I put some more in when this works in basic)

So...
The VMWare Team has its own LAN segment in VMWare. 3 VMs are only connected to this separate virtual LAN and outside connectivity is made possible by RRAS.
I believe one would call my setup a NAT-in-NAT-configuration.
Server 1> \\H1T-DC1 has 2 virtual NICs : ETH0:192.168.1.11->RAS-Server->ETH1:10.10.0.1 /16 (I have big plans as you can see ;) -jk: just wanted to use this range so I could experiment with even more complex setups)
The 4 VMs are in an AD domain called H1T.local, so the participants are:
H1T-DC1 (2008 R2 w/ RRAS)
H1T-DC2 (2008 R2)
H1T-CL1 (Win 7)
H1T-CL2 (Win 7)

(adding more clients later)
which all receive DHCP addresses from a scope: from 10.10.0.10 to 10.10.0.210

Now you have a fair impression of what my setup looks like. This I tried and I can reproduce to work:
- I can set up any Linux box with radvd in no time and have fully functional /64's from my routed /48; however, this is NOT what I intend to repeat.
I need to obtain my MCITP Enterprise Admin certifications in the next couple of months so "I have to think Microsoft", so to speak.
- I can get my tunnel set up at any client in my routed LAN, at any one host. However: I wish to deploy /64 subnets and hosts from my /48.
- I know the basics of configuring services like ADDS, RRAS, DNS and DHCP with Windows 2008; this exercise should provide me with more in-depth understanding/hands-on experience.

My IPv6 Tunnel: 2001:470:1f14:1dd6::1
My IPv6 Endpoint: 2001:470:1f14:1dd6::2
My routed /64: 2001:470:1f15:1dd6::
My routed /48: 2001:470:787c::
3 /64's I will be using as needed:
2001:470:787c:1::/64
2001:470:787c:2::/64
2001:470:787c:3::/64

For starters I want my H1T-DC1 to be equipped with the tunnel and the other 3 hosts in one routed /64 from my routed /48. I would like a real routed environment, so the clients behind my Tunnel can get DNS-configured at some point in time.

Later on I wish to experiment with DirectAccess and remote clients, so I would probably need to be able to deploy more /64's to provide IPv6 connectivity to the DirectAccess clients. But this is a whole other experiment, which I will try to set up later.

Please help me with a step-by-step instruction on how to proceed as for configuring the routed IPv6 addresses in such a manner that hosts on my side of the tunnel appear with fully routable addresses. I want to keep the IPv6 part of my network in VMWare for now, but if for some reason it's better to set up my host computer with the tunnel, I'm prepared to do so. I like the idea of keeping every host with IPv6 connectivity within my artificial environment for now, security-wise.

jbwisemo

Ok, a few things:

1. For those VMs that are not connected to the outside network, just let them get native IPv6 from a /64 subnet of your /48 announced by one which does (more on that later).  Little or no netsh commands should be needed on those, except perhaps to disable automatic use of Teredo and 6to4.

2. The network pseudo-tld ".local" has been usurped by "mDNS", which is used by various software packages.  So avoid that (fortunately, Server 2008 allows you to rename domains and trees).  Try using ".test" for test setups and a subdomain of your real live domain for real networks.

3. On the VM that will act as your outgoing router and HE tunnel endpoint (don't call this a "relay" or other words reserved for the hardware at HE's end), first set up the HE tunnel as if this was the only machine to use that tunnel (follow HE's end-user guides for the matching desktop Windows: 2008=Vista, 2008R2=Win7 etc.)

4. Then manually (using the GUI or netsh) set the Adapter on your test VLAN to a fixed IPv6 address in the /64 you will use for the VLAN.  Typically the ::1 address.  Example: If your HE assigned /48 is 2001:DB8:1234::/48, and you decide to use the 0A00 subnet for your 10.10.0.0/16 VLAN, set the IPv6 network address on your VLAN to 2001:DB8:1234:0A00::1, set the netmask to /64 and do NOT specify a default route (this machine will become the default route in a moment).

5. Use the command "route print" to make sure your router VM has a default IPv6 route pointing to HE through the tunnel and no default route pointing onto your test VLAN.

6. Now use netsh to enable IPv6 routing, and the sending of IPv6 router advertising on the test VLAN.  For the exact commands, refer to your MCSE training handbooks.

7. After a few minutes, the other 3 VMs should pick up their IPv6 addresses from the router advertisements sent by the router VM.

8. In the DNS setup on your DC VMs, add AD-integrated reverse IP zones for both the IPv4 and IPv6 network address space on your test VLAN.  This can be done with the DNS MMC console in Administrative tools from either DC (remotely managing DNS on the other one).

9. Restart first the router DC VM, then each of the other VMs in turn, and verify that they add themselves to both forward and reverse DNS zones on the DCs.
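The reply above leaves the exact netsh commands to the handbooks. The script below is an added example, not something posted in this thread or taken from HE's guides: it carries out steps 1 and 3 to 8 on the router VM (H1T-DC1) from an elevated PowerShell 2.0 prompt on Server 2008 R2, using the tunnel and /48 values from the opening post. Assumptions: the tunnel interface is named "IP6Tunnel", the adapter on the 10.10.0.0/16 test VLAN is named "LAN", and `<HE_SERVER_IPV4>` is a placeholder for the HE server IPv4 address from the tunnel details page, which is not on this page.

```powershell
# Added example (not from the thread): netsh/dnscmd version of steps 1 and 3-8 of the
# reply, for the router VM H1T-DC1. Run elevated on Windows Server 2008 R2.
$TunnelIf   = "IP6Tunnel"               # assumed tunnel interface name
$LanIf      = "LAN"                     # assumed name of ETH1 (10.10.0.1/16)
$LocalV4    = "192.168.1.11"            # ETH0: private side of the consumer NAT
$HeServerV4 = "<HE_SERVER_IPV4>"        # placeholder: HE server IPv4 from tunnel details
$HeServerV6 = "2001:470:1f14:1dd6::1"   # "My IPv6 Tunnel" in the post (HE side)
$ClientV6   = "2001:470:1f14:1dd6::2"   # "My IPv6 Endpoint" in the post (our side)
$LanPrefix  = "2001:470:787c:1::/64"    # first /64 of the routed /48 (step 4)
$LanAddr    = "2001:470:787c:1::1"      # the router's ::1 address on that /64

function Invoke-Netsh {
    # Run one netsh command; stop the script on failure unless -AllowFailure is set,
    # so a half-configured router is never left behind silently.
    param(
        [switch]$AllowFailure,
        [Parameter(ValueFromRemainingArguments = $true)][string[]]$Parts
    )
    Write-Host ("netsh " + ($Parts -join ' '))
    $out = & netsh.exe $Parts 2>&1
    if ($LASTEXITCODE -ne 0 -and -not $AllowFailure) {
        throw ("netsh failed: " + ($Parts -join ' ') + "`n" + ($out -join "`n"))
    }
    return $out
}

function ConvertTo-Ip6ArpaZone([string]$Prefix) {
    # Reverse-zone name for a prefix whose length is a multiple of 4, for step 8:
    # "2001:470:787c:1::/64" -> "1.0.0.0.c.7.8.7.0.7.4.0.1.0.0.2.ip6.arpa"
    $addr, $len = $Prefix.Split('/')
    $nibbles = @([System.Net.IPAddress]::Parse($addr).GetAddressBytes() |
        ForEach-Object { $_.ToString('x2').ToCharArray() })   # 32 hex digits
    $kept = $nibbles[0..([int]$len / 4 - 1)]
    [array]::Reverse($kept)
    return (($kept -join '.') + '.ip6.arpa')
}

function Test-DefaultRoute([string]$ExpectedGw) {
    # Step 5, checked on the table instead of eyeballing "route print": exactly one
    # ::/0 route, published, via HE's address (reachable only through the tunnel).
    $defaults = @()
    foreach ($l in (& netsh.exe interface ipv6 show route)) {
        # Columns: Publish  Type  Met  Prefix  Idx  Gateway/Interface Name
        if ($l -match '^\s*(\S+)\s+\S+\s+\d+\s+::/0\s+\d+\s+(\S+)') {
            $defaults += @{ Publish = $matches[1]; Gw = $matches[2] }
        }
    }
    if ($defaults.Count -ne 1) { return $false }   # none, or a second one on the VLAN
    return ($defaults[0].Publish -eq 'Yes') -and ($defaults[0].Gw -eq $ExpectedGw)
}

# Step 1: keep Teredo, 6to4 and ISATAP from competing with the real tunnel.
Invoke-Netsh interface teredo set state disabled
Invoke-Netsh interface 6to4 set state disabled
Invoke-Netsh interface isatap set state disabled

# Step 3: the HE tunnel exactly as on a single host. Behind NAT the local endpoint is
# the private address; the NAT must forward protocol 41 to 192.168.1.11.
Invoke-Netsh interface ipv6 add v6v4tunnel $TunnelIf $LocalV4 $HeServerV4
Invoke-Netsh interface ipv6 add address $TunnelIf $ClientV6
# publish=yes on the default route is what later makes the router advertisements
# name this VM as default router (otherwise the advertised router lifetime is zero).
Invoke-Netsh interface ipv6 add route ::/0 $TunnelIf $HeServerV6 publish=yes

# Step 4: fixed ::1 on the test VLAN as a /64, and no default route on that adapter.
Invoke-Netsh interface ipv6 add address $LanIf "$LanAddr/64"

# Step 6: forward on both interfaces, advertise on the VLAN, and publish the /64 so
# the advertisements carry it as an autoconfiguration prefix. Adding the address
# normally creates the on-link route already, so the add may fail harmlessly and
# the set then turns publishing on for whichever route exists.
Invoke-Netsh interface ipv6 set interface $TunnelIf forwarding=enabled
Invoke-Netsh interface ipv6 set interface $LanIf forwarding=enabled advertise=enabled
Invoke-Netsh -AllowFailure interface ipv6 add route $LanPrefix $LanIf publish=yes
Invoke-Netsh interface ipv6 set route $LanPrefix $LanIf publish=yes

# Step 5 check (step 7 will not work if this fails).
if (-not (Test-DefaultRoute $HeServerV6)) {
    throw "Default IPv6 route missing, unpublished or not via $HeServerV6; check 'route print -6'."
}

# Step 8: AD-integrated reverse zones for the VLAN, via dnscmd on this DC instead of the MMC.
$v6Zone = ConvertTo-Ip6ArpaZone $LanPrefix
dnscmd /ZoneAdd $v6Zone /DsPrimary
dnscmd /ZoneAdd 10.10.in-addr.arpa /DsPrimary
Write-Host "Router configured; step 7: the other VMs should autoconfigure from $LanPrefix within minutes."
```

The order matters: the default route is added and published before forwarding and advertising are switched on, so the first router advertisement the clients see already carries a usable default router. Once step 6 is in, every VM on the VLAN holds a globally routable address and nothing in this script filters transit traffic, so each VM's own Windows Firewall profile is what stands between it and the Internet; that is the "security-wise" point in the opening post and the reason to keep the lab inside the VMWare segment until the firewall policy on the domain members has been checked.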