Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: Need help with Server 2003  (Read 5226 times)

oyvind

  • readonly_member
  • Newbie
  • *
  • Posts: 4
Need help with Server 2003
« on: February 09, 2011, 02:27:17 PM »

Hi

Server 2003 in a workgroup can`t access Internet with IPv6.
All other workstations with OS XP and Win7 works automatic in VLAN10.


Ping output from server 2003 :

Pinging ipv6.l.google.com [2a00:1450:8007::93] from fe80::21b:fcff:fef9:b711%5 w
ith 32 bytes of data:

Destination host unreachable.
Destination host unreachable.
Destination host unreachable.

Equipment is Cisco 1812w and Cisco 2950 with 4 VLAN`s.
Also tested without Zone based policy firewall.

interface FastEthernet0
 description ISP-connect
 bandwidth 15000
 ip address dhcp
 ip nbar protocol-discovery
 ip nat outside
 no ip virtual-reassembly in
 zone-member security INTERNET
 duplex auto
 speed auto
 ipv6 enable
 no cdp enable
 crypto map CRYDYN
 service-policy input mark_qos
 no routing dynamic


ipv6 unicast routing is enabled
ipv6 route ::/0 Tunnel0

interface Tunnel0
 description Hurricane Electric IPv6 Tunnel Broker
 no ip address
 zone-member security INTERNET
 ipv6 address 2001:470:27:667::2/64
 ipv6 enable
 tunnel source 81.167.x.x
 tunnel mode ipv6ip
 tunnel destination 216.66.80.x

This is the VLAN with server 2003 :

Show run output from VLAN 300

interface Vlan300
 ip address 192.168.30.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 zone-member security PRIVATE
 ipv6 address 2001:470:27:669::3/64
 ipv6 enable
 service-policy input trust_qos
 service-policy output mark_qos

Box#sh ipv6 int vlan 300
Vlan300 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::21B:D5FF:FE33:C07C
  No Virtual link-local address(es):
  Global unicast address(es):
    2001:470:27:669::3, subnet is 2001:470:27:669::/64
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF00:3
    FF02::1:FF33:C07C
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  Input features: QoS classify QoS actions
  Output features: CCE Classification Zone based Firewall QoS classify QoS actions
  Post_Encap features: QoS Actions
  Service-policy input: trust_qos
  Service-policy output: mark_qos
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds (using 30000)
  ND advertised reachable time is 0 (unspecified)
  ND advertised retransmit interval is 0 (unspecified)
  ND router advertisements are sent every 200 seconds
  ND router advertisements live for 1800 seconds
  ND advertised default router preference is Medium
  Hosts use stateless autoconfig for addresses.

-------------------------------------------------------------------

This is the VLAN with XP and Win7 (working) :

Show run int vl 10 output

interface Vlan10
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 no ip virtual-reassembly in
 zone-member security PRIVATE
 ipv6 address 2001:470:28:667::1/64
 ipv6 enable
 ipv6 mobile home-agent
 service-policy input trust_qos
 service-policy output mark_qos

Box#sh ipv6 int vlan 10
Vlan10 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::21B:D5FF:FE33:C07C
  No Virtual link-local address(es):
  Global unicast address(es):
    2001:470:28:667::1, subnet is 2001:470:28:667::/64
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF00:1
    FF02::1:FF33:C07C
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  Input features: QoS classify QoS actions
  Output features: CCE Classification Zone based Firewall QoS classify QoS actions
  Post_Encap features: QoS Actions
  Service-policy input: trust_qos
  Service-policy output: mark_qos
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds (using 30000)
  ND advertised reachable time is 0 (unspecified)
  ND advertised retransmit interval is 0 (unspecified)
  ND router advertisements are sent every 200 seconds
  ND router advertisements live for 1800 seconds
  ND advertised default router preference is Medium
  Hosts use stateless autoconfig for addresses.


Thank you

Řyvind



Logged

cholzhauer

  • Hero Member
  • *****
  • Posts: 2714
Re: Need help with Server 2003
« Reply #1 on: February 09, 2011, 03:00:28 PM »

Quote
Pinging ipv6.l.google.com [2a00:1450:8007::93] from fe80::21b:fcff:fef9:b711%5 w

It's not getting a global address...I haven't looked real close at your config yet, but what's different between that subnet and that ones that are working?
Logged

oyvind

  • readonly_member
  • Newbie
  • *
  • Posts: 4
Re: Need help with Server 2003
« Reply #2 on: February 09, 2011, 03:10:03 PM »

The config is identical, just different IPv4 subnets.
Logged

oyvind

  • readonly_member
  • Newbie
  • *
  • Posts: 4
Re: Need help with Server 2003
« Reply #3 on: February 09, 2011, 04:26:16 PM »

The IPv6 source address on Interface VLAN 10 2001:470:28:667::1/64 can ping adresses on Internet, but not the source address 2001:470:27:669::3/64 on VLAN 300.
It seem that problem is on the router . Any ideas ?
These IPv6 addresses is manually assigned by me.


Logged

jimb

  • Hero Member
  • *****
  • Posts: 805
  • ^^^ Warped picture
Re: Need help with Server 2003
« Reply #4 on: February 09, 2011, 08:57:07 PM »

Is this a routed /48?  If not, you can only have one LAN /64.  If you want more than one LAN terminated to the same router you need a /48.

If you have two separate tunnels to each router, then you'll get a separate /64 for each.  But only one /64.
Logged

cholzhauer

  • Hero Member
  • *****
  • Posts: 2714
Re: Need help with Server 2003
« Reply #5 on: February 10, 2011, 05:12:12 AM »

Yeah, something's wrong with your address scheme

Quote
...
Global unicast address(es):
    2001:470:27:669::3, subnet is 2001:470:27:669::/64
...
interface Tunnel0
 description Hurricane Electric IPv6 Tunnel Broker
 no ip address
 zone-member security INTERNET
 ipv6 address 2001:470:27:667::2/64

If you were using your routed /64, it's only one character away from your tunnel IP.  If you were using your /48, it wouldn't even be close to the same address.  Better double check something.
Logged

oyvind

  • readonly_member
  • Newbie
  • *
  • Posts: 4
Re: Need help with Server 2003
« Reply #6 on: February 11, 2011, 06:50:18 AM »

Do this mean 48 bit mask on the tunnel and the Interface VLAN`s  or only on the tunnel interface ?
Thank you.
Logged

cholzhauer

  • Hero Member
  • *****
  • Posts: 2714
Re: Need help with Server 2003
« Reply #7 on: February 11, 2011, 06:54:14 AM »

Neither...you have to take /64's out of your /48 and use those for your vlans

You shouldn't be writing "/48" anywhere in your configurations
Logged