|
IPv6 tunnel through a Cisco router that runs ipv4 NAT
![[dk]](/s/countries/dk.gif) Shadow Hawkins on Thursday, 22 March 2012 20:36:50
Hello
I got a Cisco 2621 Router that has a static tunnel to SixXS. The same router runs NAT on my private IPv4 network.
Router Setup:
Interface fa0/0
Public IP: 86.52.x.x
Nat outside
Interface fa0/1
Private IP: 192.168.x.x
Nat inside
Tunnel0
ipv6 address 2001:16D8:x:x::2/64
tunnel source 86.52.x.x
tunnel destination 93.158.x.x
tunnel mode ipv6ip
ipv6 route 2000::/3 2001:16D8:X:X::1
i cant seem to get this to work.
i tried giving my hosts in the inside 2001:16D8:x:x::2/64 adresses
i tried giving my fa0/1(inside) interface a fec0 address fd00 address and a Link Local fe80(automatic) and my hosts got one automatic in the same range.
I can ping the 2001:16D8:x:x::2/64 address on my router from the host but i cant ping 2001:16D8:x:x::1 (SixXS).
any Ideas?
IPv6 tunnel through a Cisco router that runs ipv4 NAT
What is the actual running configuration, what do the interface and routing tables look like? What entries do you have in your firewall logs? Why is there no MTU or TTL specified in the information you provide, did you enable IPv6? What IOS version is running on your router? etc etc etc
i tried giving my hosts in the inside 2001:16D8:x:x::2/64 adresses
You can't use the address from your tunnel for other hosts, it can only exist on the link.
You can use the per-default routed subnet though. See the FAQ for the details.
i tried giving my fa0/1(inside) interface a fec0 address
fec0::/8 is deprecated and should not be used any more. Also, it is globally unroutable space thus won't work for that purpose.
I can ping the 2001:16D8:x:x::2/64 address on my router from the host but i cant ping 2001:16D8:x:x::1 (SixXS).
That simply means that your tunnel does not work. Can be because of a lots of reason, you'll need to supply more details for more information.
IPv6 tunnel through a Cisco router that runs ipv4 NAT
Shadow Hawkins on Friday, 23 March 2012 17:02:17
Thanks for the answer. I missed the dedicated Routed subnet. that made it work.
forgive me for not knowing, but is this because the 64 prefix bits include subnetting? my tunnel net looks something like this:
2001:16D8:x:234::/64
My Routed subnet looks something like this:
2001:16D8:x:8234::/64
its the same but 8000 higher and its a change inside the first 64 bit. It could be put on different interfaces.
Thanks again
IPv6 tunnel through a Cisco router that runs ipv4 NAT
Thanks for the answer. I missed the dedicated Routed subnet. that made it work. forgive me for not knowing.
Nothing to forgive is there, as now you know how it works. One learns best by doing and figuring out what goes wrong and asking when it is not that obvious.
but is this because the 64 prefix bits include subnetting?
IPv6 addresses are 128 bits. Thus if the notion is /64, it means that the first 64 bits are meant and when those are different then it is a different subnet.
its the same but 8000 higher and its a change inside the first 64 bit.
Correct. Note though that this is just the way that SixXS assigns these subnets. It could have been a completely different subnet too. (the reason for the 0x8000 is that it effectively flips one bit in those 16bits which thus splits the /48, out of which the tunnels are allocated into two /52's, one for tunnels and one for the default routed subnets)
|
![[ch]](/s/countries/ch.gif)
on Friday, 23 March 2012 15:09:03
Posting is only allowed when you are