Cisco 2651XM with tunnel can't ping !

[lipo]

updated ! : the router who make vsdl is cisco 880.

Hey everybody !

Sorry for my english it can be bad !  ???

For my school, i'm trying to implement an IPv6 Lab !

My config :

vDSL routeur (C880DATA-UNIVERSALK9-M) <----> routeur (NAT) <---> switch <--->  My 2651XM cisco <---> My IPv6 Lan

Here's a traceroute (to the ipv4 server address) to show you how lost i am :

Tracing the route to 216.66.80.98

1 172.18.67.129 (my router private outside address) 4 msec 4 msec 0 msec
 2 172.18.XX.X 4 msec 0 msec 0 msec
 3 172.18.X.X 4 msec 0 msec 4 msec
 4 172.18.X.X 0 msec 0 msec 4 msec
 5 212.147.X.X 28 msec 28 msec 32 msec
 6 212.147.X.X 28 msec 28 msec 32 msec
 7 212.147.X.X 28 msec 28 msec 32 msec
 8 91.206.X.X 28 msec 32 msec 28 msec
 9 216.66.80.98 32 msec 32 msec 28 msec

No possibility to get closer to the vDSL modem , no possibility to configure it (or the switchs/routers on the way), no firewall or proxy on the way ! I get my IPv4 connection working well !  ::)

Here's my router config :

Building configuration...

Current configuration : 1816 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname HedgeRouteur
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$zMvw$uCDCRF1D0keFgup4Xkhtv0
!
no network-clock-participate slot 1
no network-clock-participate wic 0
aaa new-model
!
!
aaa session-id common
ip subnet-zero
ip cef
!
!
ip domain name protoHEG
!
ipv6 unicast-routing
no ipv6 source-route
ipv6 cef
!
!
!
!
!
!
!
!
!
!
!
username admin secret 5 $1$K7be$xe11YgAUAJvHi8NIh5t.7.
!
!
!
!
!
interface Tunnel0
description Hurricane Electric IPv6 Tunnel Broker
no ip address
ipv6 address 2001:470:25:A89::2/64
ipv6 enable
no ipv6 redirects
ipv6 verify unicast reverse-path
tunnel source FastEthernet0/0
tunnel destination 216.66.80.98
tunnel mode ipv6ip
!
interface FastEthernet0/0 (to the outside)
ip address 172.18.67.190 255.255.255.192
ip nat outside
duplex auto
speed auto
ipv6 enable
!
interface Serial0/0
no ip address
shutdown
!
interface FastEthernet0/1 (provide good ipv6 address to the lan clients)
ip address 192.168.0.1 255.255.255.248
ip nat inside
duplex auto
speed auto
ipv6 address 2001:470:26:A89::/64 eui-64
ipv6 mtu 1480
ipv6 nd prefix 2001:470:26:A89::/64
!
interface Serial0/1
no ip address
shutdown
!
interface Serial0/2
no ip address
shutdown
!
interface Serial0/3
no ip address
shutdown
!
ip nat inside source list 100 interface FastEthernet0/0 overload
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 172.18.67.129
!
!
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
access-list 100 permit icmp any any
access-list 100 permit gre any any
access-list 100 permit ipinip any any
access-list 100 permit 41 any any
ipv6 route ::/0 2001:470:25:A89::1
!
!
!
!
!
!
!
!
line con 0
password 7 05080F1C2243
line aux 0
line vty 0 4
password 7 02050D480809
transport input all
!
!
end

So, with it (or same config without access-list 100), i can't ping either the ipv6 server address, either any ipv6 web address !

What's wrong here ?

It's because i'm behind several switch/routers with NAT ?

How can i debug it ? Is it more tools than traceroute or ping to see if something is blocking (like proto 41..) ?

Have i to configure the mtu size ?  ???

Have i to configure specific access list for ipv6 ?

My lan Host get correctly they IPv6, they can ping each other and ping the router !

Thx a lot  ;)

ps : a ping for tunnel destination show this :

Code Select Expand


HedgeRouteur#ping ipv6 2001:470:25:a89::1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:470:25:A89::1, timeout is 2 seconds:

*Mar  1 03:27:49.889: IPv6: SAS picked source 2001:470:25:A89::2 for 2001:470:25:A89::1 (Tunnel0)
*Mar  1 03:27:49.889: IPV6: source 2001:470:25:A89::2 (local)
*Mar  1 03:27:49.889:       dest 2001:470:25:A89::1 (Tunnel0)
*Mar  1 03:27:49.889:       traffic class 0, flow 0x0, len 100+0, prot 58, hops 64, originating
*Mar  1 03:27:49.893: IPv6: Sending on Tunnel0
*Mar  1 03:27:49.893: Tunnel0: IPv6/IP encapsulated 172.18.67.190->216.66.80.98 (linktype=79, len=120).
*Mar  1 03:27:51.896: IPv6: SAS picked source 2001:470:25:A89::2 for 2001:470:25:A89::1 (Tunnel0)
*Mar  1 03:27:51.896: IPV6: source 2001:470:25:A89::2 (local)
*Mar  1 03:27:51.896:       dest 2001:470:25:A89::1 (Tunnel0)
*Mar  1 03:27:51.896:       traffic class 0, flow 0x0, len 100+0, prot 58, hops 64, originating
*Mar  1 03:27:51.896: IPv6: Sending on Tunnel0
*Mar  1 03:27:51.896: Tunnel0: IPv6/IP encapsulated 172.18.67.190->216.66.80.98 (linktype=79, len=120).
*Mar  1 03:27:53.896: IPv6: SAS picked source 2001:470:25:A89::2 for 2001:470:25:A89::1 (Tunnel0)
*Mar  1 03:27:53.896: IPV6: source 2001:470:25:A89::2 (local)
*Mar  1 03:27:53.896:       dest 2001:470:25:A89::1 (Tunnel0)
*Mar  1 03:27:53.896:       traffic class 0, flow 0x0, len 100+0, prot 58, hops 64, originating
*Mar  1 03:27:53.896: IPv6: Sending on Tunnel0
*Mar  1 03:27:53.896: Tunnel0: IPv6/IP encapsulated 172.18.67.190->216.66.80.98 (linktype=79, len=120).
*Mar  1 03:27:55.899: IPv6: SAS picked source 2001:470:25:A89::2 for 2001:470:25:A89::1 (Tunnel0)
*Mar  1 03:27:55.899: IPV6: source 2001:470:25:A89::2 (local)
*Mar  1 03:27:55.899:       dest 2001:470:25:A89::1 (Tunnel0)
*Mar  1 03:27:55.899:       traffic class 0, flow 0x0, len 100+0, prot 58, hops 64, originating
*Mar  1 03:27:55.899: IPv6: Sending on Tunnel0
*Mar  1 03:27:55.899: Tunnel0: IPv6/IP encapsulated 172.18.67.190->216.66.80.98 (linktype=79, len=120).
*Mar  1 03:27:57.902: IPv6: SAS picked source 2001:470:25:A89::2 for 2001:470:25:A89::1 (Tunnel0)
*Mar  1 03:27:57.902: IPV6: source 2001:470:25:A89::2 (local)
*Mar  1 03:27:57.902:       dest 2001:470:25:A89::1 (Tunnel0)
*Mar  1 03:27:57.902:       traffic class 0, flow 0x0, len 100+0, prot 58, hops 64, originating
*Mar  1 03:27:57.902: IPv6: Sending on Tunnel0
*Mar  1 03:27:57.902: Tunnel0: IPv6/IP encapsulated 172.18.67.190->216.66.80.98 (linktype=79, len=120).
Success rate is 0 percent (0/5)

I've seen than the proto41 is allowed on the cisco 880, but get no response..  :-\

[sttun]

You need to ask your the school to set up a nat rule on the first router to translate one of their global ip addresses to your routers wam interface address (172.18.67.129), when they tell you what address the have nated you, to put this in the "tunnel source" statement of tunnel0, and in the tunnel destination on your tunnel setup page (at he)

Hope this helps, please post with progress/results