So I setup my tunnel on my Juniper SSG20. I setup ipv6 on my trusted interface, in router mode, Added the prefix for my /48 addresses. Selected MTU, link layer address, allow transmission. My clients, windows 2008 server, win 7, win vista are set with IPv6 autoconfiguration enabled. But the only IPv6 address I get is the link local. I tried entering the gateway address manually, and if I manually enter a static IPv6 address I can then access IPv6 sites on the internet an ping -6 ipv6 addresses.
What am I missing that is not allowing my clients to get an IPv6 address from my /48.
Normally you're supposed to create multiple /64 networks out of your /48...from what your post describes, you didn't do that. Can you confirm?
I did not - Thank you for pointing this out. I will pull up a Ipv6 calculator and split this off into /64 subnets and retry. Thanks
So on my tunnel details it shows my Routed /48: and my routed /64: the routed /64 seems to be teh same prefix as my Client and server IPv6 addresses but the routed /48: appear to be a seperate prefix. I will plug in the Routed /64: prefix and see if that solves my issue. (or should i split off a subnet from my routed /48?).
Thanks
Not a problem...you really don't need a calculator if you don't want to go to the hassle.
HE gave you a /48 which should look like xxxx:xxxx:xxxx::/48
You just need to make up the fourth group, so it would look like this xxxx:xxxx:xxxx:xxxx::/64
What ranges did HE assign you?
I don't use HE for my address allocation, but it appears you need to use the /48 if you have more than one subnet.
Are you planning on using more than on subnet? If yes, use the /48
If no, you can use either the /48 or /64
FYI the routed /64 is not the same as your tunnel's point-to-point, there will be a subtle difference in the /48 it is allocated from.
Does the SSG20 even do the router advertisement/radvd thing? If so mebbe it's not turned on automatically on screenos (or whatever the SSG series runs ... haven't messed with those yet).
Yes, I appearantly can't read today. the routed /64 is different then the /48 it is allocated from. Thank you. I will pay closer attention. I did actually type the correct information into my router configuration. Anyway. At the moment I am not sure if I will use more than one subnet, so I will split the first /64 off of my /48 per your advice and run with it.
Yeah, I am now getting ip address being assigned. I currently have my router flagged as managed (stateful instead of stateless) but I think that is ok. Now I need to recheck my routing as my tunnel is up, but I am no longer able to ping -6 the endpoints of the tunnel. I think I am almost there. ;D
Trying to troubleshoot - does anyone have any IPv6 addresses on the internet that are Ping able. I can not seem to ping my tunnel server address from in my trusted zone and I am trying to determine what is going on. I could ping it yesterday - my tunnel is up.
ipv6.l.google.com. 300 IN AAAA 2001:4860:b002::68
www.kame.net. 86400 IN AAAA 2001:200:0:8002:203:47ff:fea5:3085
sixxs.net. 86400 IN AAAA 2001:838:1:1:210:dcff:fe20:7c7c
sixy.ch. 82956 IN AAAA 2a02:200:3:1::103
(that last is a good one to go to for lots more IPv6 addresses)