IPV6 tunnel with cisco 7206

[wrbutt]

HI
i had created tunnel with on 7206 which is up but i cant ping other side of ipv6 address.
my current configuration for tunnel and configurations of interface on which i will be going to connect my laptop and configure ipv6 address to my laptop.

interface GigabitEthernet0/3
ip address 192.168.2.2 255.255.255.0
duplex auto
speed auto
media-type rj45
no negotiation auto
ipv6 enable
no clns route-cache
end

interface tunnel
ipv6 enable
ipv6 address 2001:470:4:358:2/64
tunnel source gi0/3
tunnel destination 203.99.57.62

ipv6 route 0:0/0 tunnel

what should i do, so that i can ping from laptop to ipv6 address of server.

[cholzhauer]

I don't think I'm following here.

Where does the server come into play?

Did you assign an IPv6 address to your laptop?

Can you ping the other side of the tunnel from the router?  Is the interface up?

[broquea]

As I replied to your ticket you have open, your configurations are a bit off.

Tunnel source on the Cisco tunnel interface needs to be either the IPv4 endpoint if configured on the Cisco, or the IP on the interface that gets connectivity from that IPv4 endpoint.

So if your interface only has RFC1918 space on it, you'd run:

Code Select Expand

configure terminal
interface Tunnel0
description Hurricane Electric IPv6 Tunnel Broker
no ip address
ipv6 enable
ipv6 address 2001:470:4:358::2/64
tunnel source 192.168.2.2
tunnel destination 209.51.161.58
tunnel mode ipv6ip
ipv6 route ::/0 Tunnel0
end
write

Since your Cisco is on RFC1918 space, you need to make certain that whatever device is configured with your IPv4 endpoint upstream of the Cisco, allows Protocol 41 through (NOT a tcp/udp port).

Then on whatever LAN facing interface on your Cisco, you'd start configuring with the routed /64 associated with your tunnel.

Your current tunnel interface doesn't appear to have been created from the easy and convenient pull-down menu of OS configuration examples, which I used, edited, and pasted above.

[wrbutt]

no aaa new-model
ip source-route
ip cef   
!
!
!
!
ipv6 general-prefix my-prefix 6to4 GigabitEthernet0/2
ipv6 unicast-routing
ipv6 cef
ipv6 dhcp pool v6pool
address prefix 2001:470:4:358::/64
dns-server 2001:470:20::2
!
!
multilink bundle-name authenticated
no mpls traffic-eng auto-bw timers
!
!
!
!
interface Tunnel856
description interface tunnel ipv6
no ip address
ipv6 address 2001:470:4:358::2/64
ipv6 enable
tunnel source 192.168.2.2
tunnel destination 209.51.161.58
tunnel mode ipv6ip
!
interface GigabitEthernet0/1
description TestBed_3750_1
ip address 10.88.52.178 255.255.255.252
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
media-type rj45
no negotiation auto
no clns route-cache
!
interface GigabitEthernet0/2
description Gi_Internet
ip address 192.168.1.111 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
media-type rj45
no negotiation auto
no clns route-cache
!
interface GigabitEthernet0/3
ip address 192.168.2.2 255.255.255.0
duplex auto
speed auto
media-type rj45
no negotiation auto
ipv6 address 2001:470:5:358::1/64
ipv6 enable
no clns route-cache
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.1.151
ip route 10.88.55.144 255.255.255.240 10.88.52.177
ip route 10.88.58.0 255.255.255.248 10.88.52.177
ip route 192.168.2.0 255.255.255.0 192.168.1.151
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface GigabitEthernet0/2 overload
ip nat inside source static 192.168.2.2 209.51.161.58 route-map RM.v6tunnel
!
ip access-list extended ACL.RM.v6tunne
permit 41 host 203.99.57.62 host 209.51.161.58
ip access-list extended ACL.RM.v6tunnel
permit 41 host 192.168.2.2 host 209.51.161.58
!
access-list 1 permit 10.88.0.0 0.0.255.255
ipv6 route 2001:470:4:358::/64 Tunnel856
ipv6 route ::/0 Tunnel856
!
route-map RM.v6tunnel permit 10
match ip address ACL.RM.v6tunnel

that is my current after allowing protocol 41, but still no luck.
kindly let me know what should i do to correct it.

Regards,
Waqas

[cholzhauer]

Real quick

ipv6 dhcp pool v6pool
address prefix 2001:470:4:358::/64
dns-server 2001:470:20::2
!

This is just a guess, but if it's anything like the new version of the DHCP server for PC, DHCPv6 and DHCPv4 don't have the same options

Have you tried allowing all traffic to make sure your access controls aren't your problem?  Obviously it's not something you'd want to run with permanently, but it would at least help rule things out.

[patrickdk]

Issue I see is that: tunnel source 192.168.2.2
does not relate to his default gateway ip address, shouldn't it be 192.168.1.111

[wrbutt]

IP of 192.168.2.2 is source of my tunnel, this ip is assigned to port on which i connect to my laptop this port also had that ipv6 ip.
192.168.1.111 is port connected to service provider network which nat traffic towards public IP.
I think my real problem is IPv6 encapsulation, from my laptop i can ping ipv4 ips of tunnel but not ipv6 address. 

[wrbutt]

I change my windows XP ipv6 configuration to below mentioned configuration. it worked
netsh interface teredo set state disabled
netsh interface ipv6 add v6v4tunnel IP6Tunnel 192.168.2.29 209.51.161.58
netsh interface ipv6 add address IP6Tunnel 2001:470:ffff:ffff::2
netsh interface ipv6 add route ::/0 IP6Tunnel 2001:470:4:358::1


Idx  Met   MTU    State         Name
---  ----  -----  ------------  -----
19     1   1280  Connected     IP6Tunnel
18     1   1280  Disconnected  IP6Tunnel
12     0   1500  Disconnected  Wireless Network Connection
  6     2   1280  Disconnected  Teredo Tunneling Pseudo-Interface
  5     0   1500  Connected     Local Area Connection 5
  3     1   1280  Connected     6to4 Pseudo-Interface
  2     1   1280  Connected     Automatic Tunneling Pseudo-Interface