Hi
I am tunnel broker in gns3 cisco router
I can ping the ipv4 server address but,not ipv6 address,so i can't ping any ipv6 address
Server IPv4 Address:216.66.84.42
Server IPv6 Address:2001:470:1f12:1155::1/64
Client IPv4 Address:197.15.27.141
Client IPv6 Address:2001:470:1f12:1155::2/64
And the router running config :
Quote
ipv6 unicast-routing
ipv6 cef
interface Tunnel0
no ip address
ipv6 address 2001:470:1F12:1155::2/64
ipv6 enable
tunnel source 192.168.137.10
tunnel destination 216.66.84.42
tunnel mode ipv6ip
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface FastEthernet1/0
ip address 192.168.137.10 255.255.255.0
duplex auto
speed auto
Thank for help
So what is the NAT/firewall/router appliance upstream of this? Because there is a chance it is filtering Protocol 41 to hosts behind it. Otherwise your config looks correct aside from a missing default IPv6 route. The HE side definitely responds when pinged.
Hi,
I had the same issue. I had an ACL on my Cisco router and added the line "permit 41 any any" and it worked after that (being able to ping the server).
I'm just wondering what this protocol 41 is and if i had to allow it for anyone or only for the ipv4 server address.
Protocol 41 is what is used to carry the traffic on the tunnel... The HE tunnel users 6in4 which uses proto41. You only have to allow it for the device hosting the tunnel.
Thanks.
I wonder if it would be wise to add a few more hints to the configuration exemples tab when creating the tunnel, like explaining that the routed /64 has to be added to an interface in the LAN (i missed that so i guess other would too).
I must be blind. i just checked again and the info is there. Did someone just added it a moment ago or am i losing my mind ?
I added this acl to 41,echo and echo reply in the fa1/0 connetcted to internet
But i still cannot ping
Quote
ipv6 unicast-routing
ipv6 cef
interface Tunnel0
no ip address
ipv6 address 2001:470:1F12:1155::2/64
ipv6 enable
tunnel source 192.168.137.10
tunnel destination 216.66.84.42
tunnel mode ipv6ip
!
interface FastEthernet1/0
ip address 192.168.137.10 255.255.255.0
ip access-group 110 in
duplex auto
speed auto
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.137.1
no ip http server
no ip http secure-server
access-list 110 permit 41 any any
access-list 110 permit icmp any any echo-reply
access-list 110 permit icmp any any echo
ipv6 route ::/0 Tunnel0
R7(config)#int fastEthernet 1/0
R7(config-if)#ip access-group 110 in
If you see the capture file,in the picture, i have not echo reply,that the router has rejected,if it was acl problem i see the echo reply
what is the problem ??
I do the capture in the link between the routeur fa1/0 and the cloud,in gns3
You never answered reply#1 above...
Quote from: cholzhauer on March 07, 2013, 06:53:32 AM
You never answered reply#1 above...
I don't use any firewall,I use nat to share connexion to GNS3
What's the device that's directly ahead of your router in the upstream path?
it's directly connected to LAN
Lets try this again. Your Cisco emulator has an RFC1918 IP address. What is acting as the NAT gateway for that IP range? What is the 192.168.137.1 device?
QuoteI use nat to share connexion to GNS3
Quote from: broquea on March 07, 2013, 07:52:57 AM
Lets try this again. Your Cisco emulator has an RFC1918 IP address. What is acting as the NAT gateway for that IP range? What is the 192.168.137.1 device?
QuoteI use nat to share connexion to GNS3
I have a wireless LAN 192.168.1.0 /24
I use a loopback adaptor,to connect routers in GNS3,which is a virtual LAN CARD,her ip address is 192.168.137.1
I shared connexion between loopback card and wireless card by the NAT it translate the ip adresses in 192.168.137.0 to 192.168.1.0
so Loopback CARD(192.168.137.0) ->wirelessLAN(192.168.1.0)->WAN
my cisco router is connected to 192.168.137.0 network,and it ping wan ipv4 adresses
So you have DOUBLE NAT it sounds like. So now you need to make certain that both NATs "between loopback card and wireless card" as well as the device with 197.15.27.141 configured on it aren't filtering Protocol 41. Also the word is "connection".
Quote from: broquea on March 07, 2013, 08:30:41 AM
So you have DOUBLE NAT it sounds like. So now you need to make certain that both NATs "between loopback card and wireless card" as well as the device with 197.15.27.141 configured on it aren't filtering Protocol 41. Also the word is "connection".
The system firewall is disabled,how can I check that 41 is not filtered
For the word "connection",I am sorry,In french it's written " connexion" I have not make attention
I used before a tunnel in wireless card,and it has worked perfectly
If the tunnel worked all the way up to the wireless card, in front of this second NAT you configured, you'd need to look at how that NAT got set up. You could packet capture on that system and see if Protocol 41 packets are making their way out of the virtual lab and out that wireless card.
when i launch a packet capture in loopback interface,i have seen only echo request ,and not echo reply
when i launch the capture in wireless interface i have not seen any ipv6 packet,but when I ping an ipv4 address,I have seen
the packets,and with ip address translated
I changed the interface to Local interface and it has worked :)
thanks