|
Cisco 1941 with IOS 15 not working
![[nl]](/s/countries/nl.gif) Shadow Hawkins on Friday, 03 June 2011 14:27:34
Hi,
Following the FAQs, RTFMs and all other documentation, I still do not get the IPv6 tunnel to work. Somehow it does not connect to the broker which is SurfNet.NL
I have a static IP address for the connection so heartbeats e.a. are not required (??)
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.0(1)M2, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Wed 10-Mar-10 22:27 by prod_rel_team
interface Tunnel66
description 6in4 tunnel to SixXS
no ip address
ip mtu 1280
ipv6 address 2001:610:600:8E7::2/64
ipv6 enable
ipv6 mtu 1280
tunnel source GigabitEthernet0/0
tunnel mode ipv6
tunnel destination 192.87.102.107
end
Anyone ?
Regards, Gilles
Cisco 1941 with IOS 15 not working
Shadow Hawkins on Friday, 03 June 2011 14:38:29
By the way, you only have limited tunnel capabilities with the newer IOS.
RTR(config-if)#tunnel mode ?
aurp AURP TunnelTalk AppleTalk encapsulation
cayman Cayman TunnelTalk AppleTalk encapsulation
dvmrp DVMRP multicast tunnel
eon EON compatible CLNS tunnel
gre generic route encapsulation protocol
ipip IP over IP encapsulation
iptalk Apple IPTalk encapsulation
ipv6 Generic packet tunneling in IPv6
nos IP over IP encapsulation (KA9Q/NOS compatible)
Cisco 1941 with IOS 15 not working
"ipv6" looks like the correct one to me. It used to be 'ipv6ip' though once upon a time ;)
Cisco 1941 with IOS 15 not working
Did you check FAQ: Cisco IOS ?
The first line "ipv6 unicast-routing" used to be a requirement and it might still be. The "tunnel mode" is 'ipv6ip' in our example btw and the order of arguments is also different, for instance you enable ipv6 after adding an address.
Next to that, as your endpoint is not responding even with ICMP unreachables to the packets going to your endpoint, you will want to look at your firewall rules if protocol-41 is being accepted.
Finally, you might want to also look at the running configuration of the machine, as it might not be what you think you typed in, especially if you tried other things before which might still be lingering ;)
Cisco 1941 with IOS 15 not working
Shadow Hawkins on Friday, 03 June 2011 15:02:49
Wow fast response.
ipv6 unicast-routing
ipv6 cef
...are also included in the configuration but, like you mentioned, they are still a prerequisite.
The order of the commands is what the router makes of it. Deleted the tunnel and reinserted the lines, no dice.
Some side-info, I requested the tunnel on a static IP address (x.y.z.66) which is pingable on IPv4. Also, Protocol-41 allows for heartbeats and what not but Cisco Router do not really need to have those....
As I do not know the configuration on 'the other side' it is hard for me to troubleshoot....
Regards, Gilles
Cisco 1941 with IOS 15 not working
Shadow Hawkins on Friday, 03 June 2011 15:13:06
..more info
Tunnel66 is up, line protocol is down
IPv6 is tentative, link-local address is FE80::CA4C:75FF:FE89:CA40 [TEN]
No Virtual link-local address(es):
Description: 6in4 tunnel to SixXS
Global unicast address(es):
2001:610:600:8E7::2, subnet is 2001:610:600:8E7::/64 [TEN]
Joined group address(es):
FF02::1
FF02::2
MTU is 1280 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
Hosts use stateless autoconfig for addresses.
Cisco 1941 with IOS 15 not working
As I do not know the configuration on 'the other side' it is hard for me to troubleshoot....
What you have requested and what is active is a standard protocol-41 tunnel, the same thing that SixXS has been providing for more than 10 years already and that works normally like a charm.
I already verified that everything is fine; somebody is sending IPv6 pings to your side of the tunnel and the PoP is passing these on but no response is coming back, not even a ICMP unreachable on the IPv4 level.
As such as stated previously, check your firewall and verify that everything is correctly configured.
Cisco 1941 with IOS 15 not working
Shadow Hawkins on Saturday, 04 June 2011 11:07:40
Hi,
The router is directly connected to internet. It does not use any kind of protection other then NAT. The router has several other IPv4 tunnels to other networks but somehow, the SIXXS tunnel does not work.
Could you send me more information about the tunnel as it might be a IOS15 issue rather than a SIXXS/Configuration issue ?
Regards, Gilles
Cisco 1941 with IOS 15 not working
It does not use any kind of protection other then NAT.
NAT is not protection in any way or form.
The router has several other IPv4 tunnels to other networks but somehow, the SIXXS tunnel does not work.
But those are 'IPv4 tunnels', which are not protocol 41 but most likely GRE or IPSEC. Are you sure that you are routing your packets correctly?
Does the featureset on your Cisco support IPv6? It is used to be that one needed Advanced Services and other such things to get IPv6 enabled, but that might have changed.
Could you send me more information about the tunnel as it might be a IOS15 issue rather than a SIXXS/Configuration issue ?
It is a plain standard protocol-41 tunnel which has been working in various Ciscos since 1997....
Cisco 1941 with IOS 15 not working
Shadow Hawkins on Saturday, 04 June 2011 13:08:57
Thanks for the support so far. It looks like it is a license issue at this point.
The IOS 15 Base version supports a variety of IPv6 commands but not the ipv6ip tunnel mode.
I am looking to upgrade the router to a license which supports these features.
Cisco 1941 with IOS 15 not working
I would not be surprised if ipv6ip == ipv6.
Then again, a quite recent article like Outside Tunnel Router IOS Configuration mentions also using 'ipv6ip'.
He uses a specific tunnel source IP though.
Cisco 1941 with IOS 15 not working
Shadow Hawkins on Saturday, 04 June 2011 21:17:16
Jeroen,
As you seem to be 'the goto guy' for SixXS, I have moved my tunnel configuration to another router of mine. This router is a Cisco 28xx somewhere else.
Of course, this tunnel does not work either for some strange reason.
Details: System image file is "flash:c2800nm-advipservicesk9-mz.124-24.T4.bin"
..
!
ipv6 unicast-routing
ipv6 source-route
!
..
interface Tunnel66
description 6in4 tunnel to SixXS
no ip address
no ip unreachables
ip mtu 1280
ipv6 address 2001:610:600:8E7::2/64
ipv6 enable
ipv6 mtu 1280
tunnel source FastEthernet0/0
tunnel destination 192.87.102.107
tunnel mode ipv6ip
end
I have change the tunnel in "Home" to this new IP address. Is it possible that you verify if the change of IP has already been processed ?
Regards, Gilles
Cisco 1941 with IOS 15 not working
Seems to ping just fine:
64 bytes from 2001:610:600:8e7::2: icmp_seq=1 ttl=57 time=6.39 ms
Maybe you where to quick in testing, changes are only pushed out every 10 minutes.
Of course, this tunnel does not work either for some strange reason.
What exactly does not work, you might want to provide more verbose information. The configuration you type into a box is not helpful, output of commands and running information is.
Cisco 1941 with IOS 15 not working
Shadow Hawkins on Saturday, 04 June 2011 21:28:03
More info
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:610:600:BE7::1, timeout is 2 seconds:
UUUUU
Success rate is 0 percent (0/5)
Cisco 1941 with IOS 15 not working
![[ca]](/s/countries/ca.gif) Shadow Hawkins on Wednesday, 08 June 2011 15:46:30
I might be wrong, but you're pinging a different IP : your tunnel IP is 001:610:600:8E7::1, not 001:610:600:BE7::1
Cisco 1941 with IOS 15 not working
Shadow Hawkins on Wednesday, 08 June 2011 23:10:06
You are completely right, I figured that one out as well ;-)
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:610:600:8E7::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
By the way, can you transfer ISK points from one to another ? I want to move forward but I cannot :-(
|
![[ch]](/s/countries/ch.gif)
on Friday, 03 June 2011 14:47:59
Posting is only allowed when you are