SixXS::Sunset 2017-06-06

Tunnel UP/DOWN
[gb] Shadow Hawkins on Saturday, 23 October 2010 21:35:23
Hi Tunnel is up/down. sh run int tu2 interface Tunnel2 no ip address ipv6 address 2A01:348:6:39C::2/64 ipv6 enable ipv6 mtu 1280 tunnel source 80.229.156.181 tunnel destination 77.75.104.126 tunnel mode ipv6 end Also setup in the config ipv6 unicast-routing ipv6 cef ACL lines are: 200 permit gre host 77.75.104.126 host 80.229.156.181 210 permit ip host 77.75.104.126 host 80.229.156.181 (3 matches) 220 permit icmp host 77.75.104.126 host 80.229.156.181 Any ideas???
Tunnel UP/DOWN
[ch] Jeroen Massar SixXS Staff on Sunday, 24 October 2010 10:25:37
You are forgetting the part of what you are actually trying to tell with the above and what you are trying to accomplish, on what hardware, operating system etc I'll take a leap of assumptions and guess that you have a Cisco box, and assume you have a static tunnel, in which case your ACLs might want to also include protocol 41 (which is used for static tunnels as can be found in the FAQ), assuming that you are blocking everything else and forgetting to log it.
Tunnel UP/DOWN
[gb] Shadow Hawkins on Sunday, 24 October 2010 23:23:17
Good point: Trying to establish a static tunnel: Cisco IOS Software, C837 Software (C837-K9O3SY6-M), Version 12.4(5b), RELEASE SOFTWARE (fc2) Did a quick google search and added: permit 41 host 77.75.104.126 host 80.229.156.181 Tunnel still up/down.
Tunnel UP/DOWN
[ch] Jeroen Massar SixXS Staff on Sunday, 24 October 2010 23:32:37
Tunnel still up/down.
As protocol 41 does not have any 'down' notice as protocol 41 does not have any alive notification of any kind. It is just either 'configured' or 'it is not configured', having any status thus is just silly. Just test if it actually works, and otherwise show the actual running configuration and some simple tests. Also, details about your actual network environment can be very useul.
permit 41 host 77.75.104.126 host 80.229.156.181
And did you also do that for the other way around? And do you know why that should be added and in which location in your firewall rules?
Tunnel UP/DOWN
[gb] Shadow Hawkins on Tuesday, 26 October 2010 12:32:52
It looks like you have enabled all the IPv4 stuff. But have to enabled ICMPv6 inside the tunnel of IPv6 ? If by default you have security enabled on a Cisco, then it will DROP packets it doesn't have a permit rule for. This is the Cisco way or working. A complete guess at commands (with help from google): interface Tunnel2 ipv6 traffic-filter ip6in in ipv6 traffic-filter ip6out out ipv6 access-list ip6in permit icmp any any # Whatever rule here to enable stateful inspection replies ipv6 access-list ip6out permit icmp any any permit tcp any any eq dns permit udp any any eq dns permit udp any any eq ntp Attempt to print from the Cisco console to the IP6 2A01:348:6:39C::1 if that works then you are setup. Since you have the tunnel point-to-point setup, a Cisco router by itself it not that useful, you may need to obtain an IPv6 subnet.
Tunnel UP/DOWN
[gb] Shadow Hawkins on Saturday, 13 November 2010 22:27:21
Hi, I have no filtering on the traffic passing in/out of the tunnel. Tunnel is still up/down even when all ACLs are disabled. Stuggling to find out what to do further? How would you go about getting a subnet if you don't have enough isk? Regards Alasdair Smith
Tunnel UP/DOWN
[ie] Shadow Hawkins on Sunday, 14 November 2010 00:35:17
Alasdair, Change tunnel mode to:
tunnel mode ipv6ip
It should be better now :)
How would you go about getting a subnet if you don't have enough isk?
What was the point to get subnet if you couldn't get your tunnel to work? Subnet definitely wouldn't work routed through to dead tunnel. Once your tunnel is up and running keep it up until you get enough ISK to request subnet.. Hope changing tunnel mode will help. Best of luck! Regards, Sergiusz
Tunnel UP/DOWN
[gb] Shadow Hawkins on Monday, 22 November 2010 22:40:13
Sergiusz, Thank you so much it's up/up. I hadn't noticed that second option for tunneling under ipv6. Nicely done! Regards Alasdair

Please note Posting is only allowed when you are logged in.

Static Sunset Edition of SixXS
©2001-2017 SixXS - IPv6 Deployment & Tunnel Broker