Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: Cisco router/home DSL connection. Is your setup similar and working for you?  (Read 10690 times)

UltraZero

  • Full Member
  • ***
  • Posts: 153
  • Feed Me Input... Input...

Good Evening.

I am trying to figure out what my problem is.  (May be something since birth???    ::) ::) LOL)

Here's the deal.  

I have a home network.  I have a DSL connection.  DSL modem connected to a Cisco Router.
Behind the router - Hmmm.. a bunch of stuff.  You know, the usual.   Networked printers, work stations, etc.

I am wondering if anyone has gotten the tunneling process working with the same kinda setup??  I would like to establish the tunnel with the Cisco router.  I would like to sit with a workstation on my network and ping a server on the other side via IPv6.  I also would like to browse Google via IPv6.   I would like to run dual stack on my network and eventually, eliminate IPv6 if possible..  (Not for some time til most apps are fully IPv6 aware)

It looks like Protocol 41 might be my problem.  I can't get any and I mean ANY direct answer via ATT about this.  (Go figure..  :-\ ) Anyway.

Please let me know if anyone is attached to ATT, Home DSL and has the tunnel working with a Cisco router.  (Cisco 2621XM or something similar)  I'd like to know what could possibly be the issue or
am I stuck with a NAT problem or something like that.

When the Tunnel is tested, I can ping the IPv4 address, but, not the IPv6 number.  

At the time of the test, all shields were down and the warp core was ejected so we were a sitting duck for incoming virus/hackers and sheer prying eyes.  We still could not use the transporter to talk to the time lord in the tardus who keeps passing us in that darn flying phone booth..   Wooo  Where did that come from..  I know I know.  Way too much Star Trek and Dr. Who..

Anyway.  No connection could be made..

Let me know what you think.   (No. No...  Not about the Star Trek comment, You know,  The other thing)

Thanks guys and Gals....
« Last Edit: February 03, 2011, 10:32:28 AM by UltraZero »
Logged

donbushway

  • Newbie
  • *
  • Posts: 40

We need more information. What OS are you using to create the tunnel. If you are behind NAT you used the IP of the computer not the global Ip address. Config files would be helpful also.

Running at home on windstream ISP, NETGEAR WNR3500L router loaded with DD-WRT firmware.
Logged

UltraZero

  • Full Member
  • ***
  • Posts: 153
  • Feed Me Input... Input...

Ah..

Made a hardware change.

Cisco 3640 router is the hardware.

Cisco IOS 12.3

Code: [Select]

Building configuration...

Current configuration : 3016 bytes
!
! Last configuration change at 21:14:53 pacific Wed Feb 2 2011 by Me
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname HELLO
!
boot-start-marker
boot-end-marker
!
!
clock timezone pacific -8
no aaa new-model
ip subnet-zero
!
!
ip host OMITTED 192.168.0.254
!
!
ip cef
ip ips po max-events 100
ipv6 unicast-routing
no ftp-server write-enable
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Tunnel0
 description Hurricane Electric IPv6 Tunnel Broker
 no ip address
 ipv6 address 2001:470:xxxx:xxxx::2/64
 ipv6 enable
 tunnel source OMITTED
 tunnel destination 72.xx.104.74
 tunnel mode ipv6ip
!
interface FastEthernet0/0
 ip address dhcp hostname HELLO
 ip access-group 104 in
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 ipv6 enable
!
interface FastEthernet0/1
 ip address 192.168.x.xxx 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Ethernet1/0
 ip address 192.168.x.xxx 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 half-duplex
 ipv6 enable
 ipv6 rip IPv6 enable
!
interface Ethernet1/1
 ip address 192.168.x.xxx 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 half-duplex
 ipv6 rip IPv6 enable
!
router eigrp 5
 network 192.168.x.0
 network 192.168.x.0
 network 192.168.x.0
 no auto-summary
!
router rip
 version 2
 network 192.168.x.0
 network 192.168.x.0
 network 192.168.x.0
 no auto-summary
!
ip http server
ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 OMITTED
ip route 0.0.0.0 255.0.0.0 OMITTED
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip dns server
!
!
access-list 1 permit 192.0.x.0 0.255.xxx.255
access-list 100 deny   tcp any any eq telnet
access-list 102 permit tcp host 192.168.0.0 any eq
access-list 102 permit tcp host 192.168.0.0 any eq
access-list 104 permit tcp any any eq echo
access-list 104 permit 41 any any
access-list 104 deny   tcp any any eq  established log
access-list 104 deny   tcp any any eq  established log
access-list 104 deny   tcp any any eq  established log
access-list 104 deny   tcp any any eq  established log
access-list 104 deny   tcp any any eq  established log
access-list 104 deny   ip 127.0.0.0 0.255.255.255 any log
access-list 104 deny   ip 172.16.0.0 0.0.255.255 any log
access-list 104 deny   ip 10.0.0.0 0.255.255.255 any log
access-list 104 deny   ip 224.0.0.0 0.31.255.255 any log
access-list 104 permit ip any any
ipv6 route ::/0 Tunnel0
ipv6 router rip IPv6
!
ipv6 router rip process1
 maximum-paths 4
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
 password OMITTED
 login local
 speed 115200
line aux 0
line vty 0 4
 access-class 100 in
 login local
 transport input ssh
!
ntp clock-period 17179765
ntp server 192.5.41.41 prefer
ntp server 192.5.41.209
!
end
« Last Edit: March 21, 2011, 03:27:29 PM by UltraZero »
Logged

antillie

  • Full Member
  • ***
  • Posts: 104

You don't have any global unicast IPv6 addresses assigned to your internal interfaces. You will need to get a /48 from HE, take 3 /64's from it, and configure an IP from each /64 on one of your three internal interfaces. You will then need to assign each /64 prefix to each internal interface for prefix advertisement.

IE:

int f0/1
ipv6 address 2001:470:f00:1111::1/64
ipv6 nd prefix 2001:470:f00:1111::/64

int e1/0
ipv6 address 2001:470:f00:2222::1/64
ipv6 nd prefix 2001:470:f00:2222::/64

int e1/1
ipv6 address 2001:470:f00:3333::1/64
ipv6 nd prefix 2001:470:f00:3333::/64

For reference here are the relevant parts of the config of my 2621xm running 12.4:

Code: [Select]
cerberus#sho run
Building configuration...

Current configuration : 5873 bytes
!
! No configuration change since last restart
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname cerberus
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret 5 X
!
aaa new-model
!
!
aaa group server radius AD-RADIUS
 server 192.168.100.8 auth-port 1812 acct-port 1813
!
aaa authentication login ssh-access group AD-RADIUS enable
aaa authorization exec default group AD-RADIUS if-authenticated
!
aaa session-id common
clock timezone CST -6
no network-clock-participate slot 1
no network-clock-participate wic 0
no ip source-route
ip cef
!
!
no ip bootp server
ip domain name local.lan
ip name-server 192.168.100.8
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
ipv6 unicast-routing
no ipv6 source-route
ipv6 cef
!
!
ip ssh version 2
!
!
interface Tunnel0
 description Hurricane Electric IPv6 Tunnel Broker
 no ip address
 ipv6 address 2001:470:1F0E:6CA::2/64
 ipv6 enable
 ipv6 traffic-filter Block-IPv6-SSH in
 no ipv6 redirects
 ipv6 verify unicast reverse-path
 tunnel source X
 tunnel destination 216.218.224.42
 tunnel mode ipv6ip
!
interface FastEthernet0/0
 description Point to point link to ASA 5505.
 ip address 10.1.1.1 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 ip route-cache same-interface
 ip route-cache flow
 duplex auto
 speed auto
 ipv6 address 2001:470:B98A:1::/64 eui-64
 ipv6 mtu 1480
 ipv6 nd prefix 2001:470:B98A:1::/64
!
interface Serial0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 description Connection to the internet.
 ip address dhcp
 no ip redirects
 ip nat outside
 ip virtual-reassembly
 ip route-cache same-interface
 ip route-cache flow
 duplex auto
 speed auto
!
router eigrp 150
 redistribute static
 passive-interface FastEthernet0/1
 passive-interface Tunnel0
 network 10.1.1.0 0.0.0.3
 no auto-summary
!
no ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip nat inside source list 2000 interface FastEthernet0/1 overload
!
ip radius source-interface FastEthernet0/0
access-list 2000 permit ip any any
no cdp run
ipv6 route 2001:470:B98A::/48 FastEthernet0/0 FE80::21F:9EFF:FE45:2422
ipv6 route 2001:DB8::/32 Null0
ipv6 route FC00::/7 Null0
ipv6 route ::/0 2001:470:1F0E:6CA::1
!
!
radius-server host 192.168.100.8 auth-port 1812 acct-port 1813 key 7 X
!
ipv6 access-list Block-IPv6-SSH
 deny tcp any any eq 22
 permit ipv6 any any
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 exec-timeout 0 0
 login authentication ssh-access
 transport input ssh
line vty 5 15
 exec-timeout 0 0
 login authentication ssh-access
 transport input ssh
!
ntp clock-period 17180110
ntp server 206.246.118.250
ntp server 64.236.96.53
ntp server 68.216.79.113
!
end
« Last Edit: February 21, 2011, 02:01:12 PM by antillie »
Logged

simonben1982

  • readonly_member
  • Newbie
  • *
  • Posts: 1

My friend wants to become an ipexpert in networking company. He has already taken certification in ccna and cisco routing configuration. Do you think this will enough for him to get a good job?

Logged

UltraZero

  • Full Member
  • ***
  • Posts: 153
  • Feed Me Input... Input...

I think the answer depends  upon the complexity of the company and the needs of the company.   Simple IP setups a Jedi Knight he is not.   There are many aspects around being a master at Cisco and these skills come from working with many different types of hardware/types of installation and of course what is the expectation of uptime.   I find it hard in todays day for 1 person to be the jack of all trades.  a Network admin, a server (Windows 200x person, (A Netware Admin if there are still any around) and a Unix Administrator all in one)   I have all of these systems to play with and I find it hard to learn all aspects.  Not to mention a backup administrator, an Application administrator.   There are issues with security, wireless and so on. Data base admins, IP Phone admins;  on and on and on..

Logged