Tunnel UP/DOWN
Shadow Hawkins on Saturday, 23 October 2010 21:35:23
Hi Tunnel is up/down.
sh run int tu2
interface Tunnel2
no ip address
ipv6 address 2A01:348:6:39C::2/64
ipv6 enable
ipv6 mtu 1280
tunnel source 80.229.156.181
tunnel destination 77.75.104.126
tunnel mode ipv6
end
Also setup in the config
ipv6 unicast-routing
ipv6 cef
ACL lines are:
200 permit gre host 77.75.104.126 host 80.229.156.181
210 permit ip host 77.75.104.126 host 80.229.156.181 (3 matches)
220 permit icmp host 77.75.104.126 host 80.229.156.181
Any ideas???
Tunnel UP/DOWN
Jeroen Massar on Sunday, 24 October 2010 10:25:37
You are forgetting the part of what you are actually trying to tell with the above and what you are trying to accomplish, on what hardware, operating system etc
I'll take a leap of assumptions and guess that you have a Cisco box, and assume you have a static tunnel, in which case your ACLs might want to also include protocol 41 (which is used for static tunnels as can be found in the FAQ), assuming that you are blocking everything else and forgetting to log it.
Tunnel UP/DOWN
Shadow Hawkins on Sunday, 24 October 2010 23:23:17
Good point:
Trying to establish a static tunnel:
Cisco IOS Software, C837 Software (C837-K9O3SY6-M), Version 12.4(5b), RELEASE SOFTWARE (fc2)
Did a quick google search and added:
permit 41 host 77.75.104.126 host 80.229.156.181
Tunnel still up/down.
Tunnel UP/DOWN
Jeroen Massar on Sunday, 24 October 2010 23:32:37 Tunnel still up/down.
As protocol 41 does not have any 'down' notice as protocol 41 does not have any alive notification of any kind. It is just either 'configured' or 'it is not configured', having any status thus is just silly.
Just test if it actually works, and otherwise show the actual running configuration and some simple tests.
Also, details about your actual network environment can be very useul.
permit 41 host 77.75.104.126 host 80.229.156.181
And did you also do that for the other way around? And do you know why that should be added and in which location in your firewall rules?
Tunnel UP/DOWN
Shadow Hawkins on Tuesday, 26 October 2010 12:32:52
It looks like you have enabled all the IPv4 stuff.
But have to enabled ICMPv6 inside the tunnel of IPv6 ? If by default you have security enabled on a Cisco, then it will DROP packets it doesn't have a permit rule for. This is the Cisco way or working.
A complete guess at commands (with help from google):
interface Tunnel2
ipv6 traffic-filter ip6in in
ipv6 traffic-filter ip6out out
ipv6 access-list ip6in
permit icmp any any
# Whatever rule here to enable stateful inspection replies
ipv6 access-list ip6out
permit icmp any any
permit tcp any any eq dns
permit udp any any eq dns
permit udp any any eq ntp
Attempt to print from the Cisco console to the IP6 2A01:348:6:39C::1 if that works then you are setup.
Since you have the tunnel point-to-point setup, a Cisco router by itself it not that useful, you may need to obtain an IPv6 subnet.
Tunnel UP/DOWN
Shadow Hawkins on Saturday, 13 November 2010 22:27:21
Hi,
I have no filtering on the traffic passing in/out of the tunnel.
Tunnel is still up/down even when all ACLs are disabled. Stuggling to find out what to do further?
How would you go about getting a subnet if you don't have enough isk?
Regards
Alasdair Smith
Tunnel UP/DOWN
Shadow Hawkins on Sunday, 14 November 2010 00:35:17
Alasdair,
Change tunnel mode to:
tunnel mode ipv6ip
It should be better now :)
How would you go about getting a subnet if you don't have enough isk?
What was the point to get subnet if you couldn't get your tunnel to work? Subnet definitely wouldn't work routed through to dead tunnel.
Once your tunnel is up and running keep it up until you get enough ISK to request subnet..
Hope changing tunnel mode will help. Best of luck!
Regards,
Sergiusz
Tunnel UP/DOWN
Shadow Hawkins on Monday, 22 November 2010 22:40:13
Sergiusz,
Thank you so much it's up/up. I hadn't noticed that second option for tunneling under ipv6.
Nicely done!
Regards
Alasdair
Posting is only allowed when you are logged in. |