Hurricane Electric's IPv6 Tunnel Broker Forums

General IPv6 Topics => IPv6 on Routing Platforms => Topic started by: fdamstra on June 03, 2009, 08:54:33 AM

Title: New Tunnel on 1811 - Unable to Ping Across
Post by: fdamstra on June 03, 2009, 08:54:33 AM
Got a new Cisco 1811 to use as my home gateway, and this morning, I registered with TunnelBroker to set up a tunnel.

I've got the configuration in there, but no IPv6 connectivity.  I cannot even ping across the tunnel interface.  There are currently no ACLs on my WAN interface, as I thought I'd set up the tunnel before I start locking down the security in order to avoid just these sorts of problems.  Is it possible my ISP is blocking the connection?  I am using BVIs for my LAN, which I'm told don't work (or didn't work?) with IPv6, but they're not even involved at this point since I'm pinging from the router.

Here are relevant parts of my configuration (IOS 12.4(15)T9):
hostname MonkeyBOX-1811W
!
ipv6 unicast-routing
!
interface Tunnel0
 description Hurricane Electric IPv6 Tunnel Broker - Chicago
 no ip address
 ipv6 address 2001:470:1F10:C7::2/64
 ipv6 enable
 tunnel source 69.221.231.68
 tunnel destination 209.51.181.2
 tunnel mode ipv6ip
!
interface FastEthernet0
 description to AT&T DSL
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
ipv6 route ::/0 Tunnel0


Seems pretty basic apart from the 'ip nat outside', but that only matches source addresses from my LAN, not the tunnel interface itself.

'show ip int brief' shows both that the tunnel interface is up and that the IP is correct:
MonkeyBOX-1811W#sh ip int brie
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0              69.221.231.68   YES DHCP   up                    up
Tunnel0                    unassigned      YES manual up                    up


Some additional troubleshooting and demonstration of the issue:
MonkeyBOX-1811W#! Ping local side works
MonkeyBOX-1811W#ping 2001:470:1F10:C7::2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:470:1F10:C7::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms
MonkeyBOX-1811W#! Ping remote side fails
MonkeyBOX-1811W#ping 2001:470:1F10:C7::1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:470:1F10:C7::1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
MonkeyBOX-1811W#! Additional troubleshooting
MonkeyBOX-1811W#conf t
MonkeyBOX-1811W(config)#access-list 142 permit ip host 69.221.231.68 host 209.51.181.2
MonkeyBOX-1811W(config)#access-list 142 permit ip host 209.51.181.2 host 69.221.231.68
MonkeyBOX-1811W(config)#exit
MonkeyBOX-1811W#debug tunnel
Tunnel Interface debugging is on
MonkeyBOX-1811W#debug ip packet 142
IP packet debugging is on for access list 142
MonkeyBOX-1811W#ping 2001:470:1F10:C7::1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:470:1F10:C7::1, timeout is 2 seconds:

Jun  3 15:50:56.556: Tunnel0: IPv6/IP encapsulated 69.221.231.68->209.51.181.2 (linktype=79, len=120)
Jun  3 15:50:56.556: IP: s=69.221.231.68 (Tunnel0), d=209.51.181.2 (FastEthernet0), len 120, sending
Jun  3 15:50:56.556: Tunnel0 count tx, adding 20 encap bytes.
Jun  3 15:50:58.556: Tunnel0: IPv6/IP encapsulated 69.221.231.68->209.51.181.2 (linktype=79, len=120)
Jun  3 15:50:58.556: IP: s=69.221.231.68 (Tunnel0), d=209.51.181.2 (FastEthernet0), len 120, sending
Jun  3 15:50:58.556: Tunnel0 count tx, adding 20 encap bytes.
Jun  3 15:51:00.556: Tunnel0: IPv6/IP encapsulated 69.221.231.68->209.51.181.2 (linktype=79, len=120)
Jun  3 15:51:00.556: IP: s=69.221.231.68 (Tunnel0), d=209.51.181.2 (FastEthernet0), len 120, sending
Jun  3 15:51:00.556: Tunnel0 count tx, adding 20 encap bytes.
Jun  3 15:51:02.556: Tunnel0: IPv6/IP encapsulated 69.221.231.68->209.51.181.2 (linktype=79, len=120)
Jun  3 15:51:02.556: IP: s=69.221.231.68 (Tunnel0), d=209.51.181.2 (FastEthernet0), len 120, sending
Jun  3 15:51:02.556: Tunnel0 count tx, adding 20 encap bytes.
Jun  3 15:51:04.556: Tunnel0: IPv6/IP encapsulated 69.221.231.68->209.51.181.2 (linktype=79, len=120)
Jun  3 15:51:04.556: IP: s=69.221.231.68 (Tunnel0), d=209.51.181.2 (FastEthernet0), len 120, sending
Jun  3 15:51:04.556: Tunnel0 count tx, adding 20 encap bytes.
Success rate is 0 percent (0/5)


Not sure where to go from here.  Looks like packets are being encapsulated on the way out, but I'm not receiving anything back.

(Edited to add: I just went through the IPv4 Endpoint Verification procedure, but it turns out that this deletes the tunnel and won't let me create a new one, so I guess I'm done troubleshooting this until tomorrow)
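
The check the post above makes by eye, as an added example that is not part of the original post: it tallies the `debug ip packet 142` lines by direction between the two tunnel endpoints and confirms that the 100-byte echo plus the 20 encap bytes gives the logged `len 120`. The function names are hypothetical, and the sample is two of the five pings copied from the post.

```python
import re

# Constructed sample: two of the five pings from the debug output in the post.
DEBUG_LOG = """\
Jun  3 15:50:56.556: Tunnel0: IPv6/IP encapsulated 69.221.231.68->209.51.181.2 (linktype=79, len=120)
Jun  3 15:50:56.556: IP: s=69.221.231.68 (Tunnel0), d=209.51.181.2 (FastEthernet0), len 120, sending
Jun  3 15:50:56.556: Tunnel0 count tx, adding 20 encap bytes.
Jun  3 15:50:58.556: Tunnel0: IPv6/IP encapsulated 69.221.231.68->209.51.181.2 (linktype=79, len=120)
Jun  3 15:50:58.556: IP: s=69.221.231.68 (Tunnel0), d=209.51.181.2 (FastEthernet0), len 120, sending
Jun  3 15:50:58.556: Tunnel0 count tx, adding 20 encap bytes.
"""

IP_LINE = re.compile(r"IP: s=(\S+) \(.*?\), d=(\S+?)[ ,].*?len (\d+)")
ENCAP_LINE = re.compile(r"adding (\d+) encap bytes")

def tunnel_direction_report(log, local, remote):
    """Tally 'debug ip packet' lines between the two tunnel endpoints by direction."""
    report = {"sent": 0, "received": 0, "outer_lengths": set(), "encap_bytes": set()}
    for line in log.splitlines():
        ip = IP_LINE.search(line)
        if ip:
            src, dst, length = ip.group(1), ip.group(2), int(ip.group(3))
            if (src, dst) == (local, remote):      # router -> tunnel server
                report["sent"] += 1
                report["outer_lengths"].add(length)
            elif (src, dst) == (remote, local):    # tunnel server -> router
                report["received"] += 1
        enc = ENCAP_LINE.search(line)
        if enc:
            report["encap_bytes"].add(int(enc.group(1)))
    return report

def diagnose(report, inner_len=100):
    """inner_len is the ping size from 'Sending 5, 100-byte ICMP Echos'."""
    expected = {inner_len + n for n in report["encap_bytes"]}
    if report["sent"] == 0:
        return "no tunnel traffic seen"
    if report["outer_lengths"] != expected:
        return "encapsulation size mismatch"
    if report["received"] == 0:
        return "one-way: packets leave encapsulated, nothing returns"
    return "two-way"

if __name__ == "__main__":
    r = tunnel_direction_report(DEBUG_LOG, "69.221.231.68", "209.51.181.2")
    print(r, diagnose(r))
```

Because access list 142 permits both directions, any reply reaching the router would show up as a line with `s=209.51.181.2`; its absence is what places the loss upstream of the router.
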
Title: Re: New Tunnel on 1811 - Unable to Ping Across
Post by: fdamstra on June 03, 2009, 12:08:19 PM
According to this article (http://www.feise.com/~jfeise/blogs/index.php/2009/05/31/ataamp-t-dsl-and-ipv6-again?blog=8), it's probably my DSL modem, as I have the same type that author had.

Title: Re: New Tunnel on 1811 - Unable to Ping Across
Post by: ZeroByte on June 04, 2009, 07:21:03 AM
Well, I don't know if you can get into the configuration of the DSL modem or not, but if you can, you might see if it can be placed in bridge mode and then you could run the PPPoE session directly from your 1811. If the modem is bridging, then any of its layer-3 quirks would be eliminated.

Title: Re: New Tunnel on 1811 - Unable to Ping Across
Post by: KevinGLong on July 11, 2009, 06:05:56 PM
fdamstra, I'm no expert by any means, but I have a working IPv6 tunnel on my 1811 router.

I posted my config and other info that I discovered during a few sleepless nights over in the "IPv6 on Windows" forum back in December.
Here is a direct link: http://www.tunnelbroker.net/forums/index.php?topic=285.0

The topic name is "XP PC behind Cisco Router - rtr works, pc doesn't"

Good Luck.
Kevin

Title: Re: New Tunnel on 1811 - Unable to Ping Across
Post by: fdamstra on July 12, 2009, 08:25:07 AM
Thanks.  I was able to get this to work using another modem, which I set in bridged mode, and let the 1811 do the PPPoE.  My wired LAN is IPv6 enabled, though I can't seem to get it to work over wireless.