Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Pages: [1] 2

Author Topic: can't ping Server IPv6 Address  (Read 12920 times)

bachawiss

  • Newbie
  • *
  • Posts: 10
can't ping Server IPv6 Address
« on: March 06, 2013, 03:50:31 PM »

Hi
I am tunnel broker in gns3 cisco router
I can ping the ipv4 server address but,not ipv6 address,so i can't ping any ipv6 address
Server IPv4 Address:216.66.84.42
Server IPv6 Address:2001:470:1f12:1155::1/64
Client IPv4 Address:197.15.27.141
Client IPv6 Address:2001:470:1f12:1155::2/64
 
And the router running config  :
Quote
ipv6 unicast-routing
ipv6 cef

interface Tunnel0
 no ip address
 ipv6 address 2001:470:1F12:1155::2/64
 ipv6 enable
 tunnel source 192.168.137.10
 tunnel destination 216.66.84.42
 tunnel mode ipv6ip
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
!
interface FastEthernet1/0
 ip address 192.168.137.10 255.255.255.0
 duplex auto
 speed auto
Thank for help
Logged

broquea

  • Sr. Network Engineer, HE.NET AS6939
  • Administrator
  • Hero Member
  • *****
  • Posts: 1722
Re: can't ping Server IPv6 Address
« Reply #1 on: March 06, 2013, 04:08:59 PM »

So what is the NAT/firewall/router appliance upstream of this? Because there is a chance it is filtering Protocol 41 to hosts behind it. Otherwise your config looks correct aside from a missing default IPv6 route. The HE side definitely responds when pinged.
Logged

bertrand1980

  • Newbie
  • *
  • Posts: 3
Re: can't ping Server IPv6 Address
« Reply #2 on: March 06, 2013, 04:59:43 PM »

Hi,
I had the same issue. I had an ACL on my Cisco router and added the line "permit 41 any any" and it worked after that (being able to ping the server).
I'm just wondering what this protocol 41 is and if i had to allow it for anyone or only for the ipv4 server address.
Logged

cholzhauer

  • Hero Member
  • *****
  • Posts: 2714
Re: can't ping Server IPv6 Address
« Reply #3 on: March 06, 2013, 05:09:36 PM »

Protocol 41 is what is used to carry the traffic on the tunnel... The HE tunnel users 6in4 which uses proto41.  You only have to allow it for  the device hosting the tunnel.
Logged

bertrand1980

  • Newbie
  • *
  • Posts: 3
Re: can't ping Server IPv6 Address
« Reply #4 on: March 06, 2013, 05:32:15 PM »

Thanks.
I wonder if it would be wise to add a few more hints to the configuration exemples tab when creating the tunnel, like explaining that the routed /64 has to be added to an interface in the LAN (i missed that so i guess other would too).
Logged

bertrand1980

  • Newbie
  • *
  • Posts: 3
Re: can't ping Server IPv6 Address
« Reply #5 on: March 06, 2013, 05:39:58 PM »

I must be blind. i just checked again and the info is there. Did someone just added it a moment ago or am i losing my mind ?
Logged

bachawiss

  • Newbie
  • *
  • Posts: 10
Re: can't ping Server IPv6 Address
« Reply #6 on: March 07, 2013, 12:25:51 AM »

I added this acl to 41,echo and echo reply in the fa1/0 connetcted to internet
But i still cannot ping
Quote
ipv6 unicast-routing
ipv6 cef


interface Tunnel0
 no ip address
 ipv6 address 2001:470:1F12:1155::2/64
 ipv6 enable
 tunnel source 192.168.137.10
 tunnel destination 216.66.84.42
 tunnel mode ipv6ip

!
interface FastEthernet1/0
 ip address 192.168.137.10 255.255.255.0
 ip access-group 110 in
 duplex auto
 speed auto

ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.137.1
no ip http server
no ip http secure-server

access-list 110 permit 41 any any
access-list 110 permit icmp any any echo-reply
access-list 110 permit icmp any any echo
ipv6 route ::/0 Tunnel0

R7(config)#int fastEthernet 1/0
R7(config-if)#ip access-group 110 in
« Last Edit: March 07, 2013, 06:31:25 AM by bachawiss »
Logged

bachawiss

  • Newbie
  • *
  • Posts: 10
Re: can't ping Server IPv6 Address
« Reply #7 on: March 07, 2013, 06:52:30 AM »

If you see the capture file,in the picture, i have not echo reply,that the router has rejected,if it was acl problem i see the echo reply
what is the problem ??
I do the capture in the link between the routeur fa1/0 and the cloud,in gns3
« Last Edit: March 07, 2013, 07:00:36 AM by bachawiss »
Logged

cholzhauer

  • Hero Member
  • *****
  • Posts: 2714
Re: can't ping Server IPv6 Address
« Reply #8 on: March 07, 2013, 06:53:32 AM »

You never answered reply#1 above...
Logged

bachawiss

  • Newbie
  • *
  • Posts: 10
Re: can't ping Server IPv6 Address
« Reply #9 on: March 07, 2013, 07:10:40 AM »

You never answered reply#1 above...
I don't use any firewall,I use nat to share connexion to GNS3
Logged

cholzhauer

  • Hero Member
  • *****
  • Posts: 2714
Re: can't ping Server IPv6 Address
« Reply #10 on: March 07, 2013, 07:11:53 AM »

What's the device that's directly ahead of your router in the upstream path?
Logged

bachawiss

  • Newbie
  • *
  • Posts: 10
Re: can't ping Server IPv6 Address
« Reply #11 on: March 07, 2013, 07:14:13 AM »

it's directly connected to LAN
Logged

broquea

  • Sr. Network Engineer, HE.NET AS6939
  • Administrator
  • Hero Member
  • *****
  • Posts: 1722
Re: can't ping Server IPv6 Address
« Reply #12 on: March 07, 2013, 07:52:57 AM »

Lets try this again. Your Cisco emulator has an RFC1918 IP address. What is acting as the NAT gateway for that IP range? What is the 192.168.137.1 device?

Quote
I use nat to share connexion to GNS3
« Last Edit: March 07, 2013, 07:54:34 AM by broquea »
Logged

bachawiss

  • Newbie
  • *
  • Posts: 10
Re: can't ping Server IPv6 Address
« Reply #13 on: March 07, 2013, 08:19:23 AM »

Lets try this again. Your Cisco emulator has an RFC1918 IP address. What is acting as the NAT gateway for that IP range? What is the 192.168.137.1 device?

Quote
I use nat to share connexion to GNS3
I have a wireless LAN 192.168.1.0 /24
I use a loopback adaptor,to connect routers in GNS3,which is a virtual LAN CARD,her ip address is 192.168.137.1
I shared connexion between loopback card and wireless card by the NAT it translate the ip adresses in 192.168.137.0 to 192.168.1.0
so Loopback CARD(192.168.137.0) ->wirelessLAN(192.168.1.0)->WAN
my cisco router is connected to 192.168.137.0 network,and it ping wan ipv4 adresses
Logged

broquea

  • Sr. Network Engineer, HE.NET AS6939
  • Administrator
  • Hero Member
  • *****
  • Posts: 1722
Re: can't ping Server IPv6 Address
« Reply #14 on: March 07, 2013, 08:30:41 AM »

So you have DOUBLE NAT it sounds like. So now you need to make certain that both NATs "between loopback card and wireless card" as well as the device with 197.15.27.141 configured on it aren't filtering Protocol 41. Also the word is "connection".
Logged
Pages: [1] 2