• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Main Menu

Setup for IPv6 tunnel test

Started by UltraZero, January 22, 2011, 05:21:42 PM

Previous topic - Next topic

UltraZero

Hmm. Re Pix 515.  I think I can pick one up for under 200 dollars.  Getting the correct IOS is an issue.
I think the 525s go for around $400.  I did see one recently for $20.00.  the said it didn't power up.  I wanted it,but, I didn't want a large paper weight if it wasn't just the power supply.

Well, I am setting up the tunnel.  Got the ipv4 side working I think, but no go on the IPv6 side.  I'm sure I am missing something.  (brain, brain cells, eye sight all that good stuff)  ;D  ;D

antillie

If you are considering spending $400 on a PIX 525 you might as well just buy an ASA 5505 for $150 less.

The ASA is much more powerful, has a more mature/complete IPv6 implementation, and still receives updates from Cisco. The only major drawback is that the "10-User Bundle" only allows you to have 10 hosts behind the firewall talk to the outside world at any given time. But if you are using this for your home network or a lab that probably won't be an issue. But the ASA's IPv6 implementation does have a number of important and annoying limitations that also apply to the PIX as well. (This might be good reason to go with something like Vyatta or pfSense.)

There are other restrictions on the "10-User Bundle" 5505 that don't apply to say, the "Unlimited User Bundle" or the "Security Plus Bundle" 5505. All of them are the exact same piece of hardware, the only difference between them is the activation key stored in flash that tells the OS what features to enable and disable. Cisco outlines this pretty well here:

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html#~mid-range

Since the only difference is a software activation key upgrading to a higher feature set later is pretty easy. The ASA is also guaranteed to already be running an IPv6 capable IOS image right out of the box so you won't have to worry about trying to find an IOS image for it on some shady torrent site.

Still, a PIX 515 for under $200 with the right amount of ram and the proper IOS image isn't a bad deal. Especially for a small LAN or lab where the higher capacity of the ASA 5505 just isn't needed.

UltraZero

What do you consider a small lan for home???   :o :o :o ;D

Hmm.  The Cisco 525 isn't that expensive.  Not to mention, you can pick up both a base unit
and a roller over unit for around 300.  I'm sorry but, the 10 user license won't work for me. Lets
just say, I have way more users than that.. ::) ::)

antillie

Quote from: UltraZero on January 27, 2011, 04:37:03 PM
What do you consider a small lan for home???   :o :o :o ;D

A LAN with less than 10 hosts. ;) Even if you have say, two desktops, two laptops, two Netflix capable blue ray players, two wifi enabled smart phones, and a game console thats still only 9 hosts. Things like the family printer, your wifi APs, and managed switches don't need to talk to the internet anyway. Besides you can still remotely access them over a client VPN. ;)

Quote from: UltraZero on January 27, 2011, 04:37:03 PM
Hmm.  The Cisco 525 isn't that expensive.  Not to mention, you can pick up both a base unit
and a roller over unit for around 300.  I'm sorry but, the 10 user license won't work for me. Lets
just say, I have way more users than that.. ::) ::)

If you can get a 525 with an IPv6 capable IOS image for less than the cost of a 5505 then by all means go for it. It may be old but the 525 is still a very capable firewall.

UltraZero

Well, would you say a home network that consists of over 20 subnets with machines on all is considered a lan???  Darn... I missed the Pix firewall.  It sold for 75 dollars.   Wouldn't you know it.  I clicked to buy it, and there was a large pause in my network connection.   Maybe that means something like I should not have tried to buy it.


Hey.  Back to the setup...

I am still having trouble trying to get attached to the tunnel.

I a have spoken to ATT and they are basically clueless.  The people who know the answers are locked away in a big building in the Doublin, Ca and they don't let them out much.. AT ALL. They throw meat into their cages and only feed when the company needs something. I tried to find out if protocol 41 is being blocked and I can't the answer to this question to help me proceed.


That being said... I am trying to get my connection to work.  I can't ping the tunnel. All access lists are disabled (At least prior to me writing this)

Normal pings from the IP address work,but, I can't ping the destination.  I can ping myself though.

Any thoughts???

Has anyone gotten a Cisco router to connect without a problem??





So Far, I guess I will have to build another machine with windows 7 in order to test the link.  (If I can get that working)