• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Cisco SR 520 Not Routing IPV6 or is it?

Started by VECTARE, March 31, 2011, 05:57:34 AM

Previous topic - Next topic

VECTARE

I am neophyte at this.    I have an Cisco SR-520 running 12.4(20)T.5 which is behind another Cisco router that has a global IP address.       When I enable IPV4, I am able to hit the internet, ping V4 address and all that is expected of a network.   When I created the IPV6 tunnel, disabling the IPV4, I am only getting to the bit bucket.    I am not sure if I need to have the admin add configuration (ACL or NAT) to main router to allow my tunnel through, or am I doing something that is incredibly stupid.

Here the net diagram...

Internet ---->  Cisco ISR ----> Cisco SR520 -----> PC with IPV6 (Ubuntu)
                   (Global IP)        (Private IP)           IPV6 using address 2001:470:8:ad4::4


What I can do:  ping & telnet ipv6 from the router to pc and vise versa.    

Attached is my configs..

Mucho Gracia...





version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname IPV6A
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip dhcp excluded-address 192.168.64.0 192.168.64.30
!
ip dhcp pool home
  network 192.168.64.0 255.255.255.0
  default-router 192.168.64.1
  dns-server 192.168.1.1
!
!
ip cef
!
ipv6 unicast-routing
ipv6 cef
multilink bundle-name authenticated
!
!
!
!
!
archive
log config
 hidekeys
!
!
!        
!
!
interface Tunnel0
description Hurricane Electric IPv6 tunnel
no ip address
ipv6 address 2001:470:7:xxx::2/64
ipv6 enable
ipv6 mtu 1472
!
! Not sure if I should use the global IP of the ISR router or send it out WAN interface?
! Also.. what should be on the ISR (ACL or NAT to allow the tunnel?)
!
tunnel source FastEthernet4
tunnel destination 216.66.22.2
tunnel mode ipv6ip
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description Outbound WAN
!
! Static private address on the ISR
!
ip address 192.168.1.16 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Dot11Radio0
no ip address
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
no ip address
ip nat inside
ip virtual-reassembly
ipv6 address 2001:470:x:xxx::1/64
ipv6 enable
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet4
!
no ip http server
no ip http secure-server
ip nat inside source list Out2In interface FastEthernet4 overload
!
!
! Wide open on IPV4 side
!
ip access-list standard Out2In
permit any
!
ipv6 route 2001:470:8:AD4::/64 Tunnel0
ipv6 route ::/0 Tunnel0
!
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
login
!
scheduler max-task-time 5000
end



VECTARE

Solved...   Had to modify the Internet Access Router ACL to permit Server IPv4 Address Protocol 41 through.   

Thanks for all the support,

Don

josepena

How does it look the rule to allow the traffic?

Thanks.