• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

can't ping Server IPv6 Address

Started by bachawiss, March 06, 2013, 03:50:31 PM

Previous topic - Next topic

bachawiss

Hi
I am tunnel broker in gns3 cisco router
I can ping the ipv4 server address but,not ipv6 address,so i can't ping any ipv6 address
Server IPv4 Address:216.66.84.42
Server IPv6 Address:2001:470:1f12:1155::1/64
Client IPv4 Address:197.15.27.141
Client IPv6 Address:2001:470:1f12:1155::2/64

And the router running config  :
Quote
ipv6 unicast-routing
ipv6 cef

interface Tunnel0
no ip address
ipv6 address 2001:470:1F12:1155::2/64
ipv6 enable
tunnel source 192.168.137.10
tunnel destination 216.66.84.42
tunnel mode ipv6ip
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface FastEthernet1/0
ip address 192.168.137.10 255.255.255.0
duplex auto
speed auto
Thank for help

broquea

So what is the NAT/firewall/router appliance upstream of this? Because there is a chance it is filtering Protocol 41 to hosts behind it. Otherwise your config looks correct aside from a missing default IPv6 route. The HE side definitely responds when pinged.

bertrand1980

Hi,
I had the same issue. I had an ACL on my Cisco router and added the line "permit 41 any any" and it worked after that (being able to ping the server).
I'm just wondering what this protocol 41 is and if i had to allow it for anyone or only for the ipv4 server address.

cholzhauer

Protocol 41 is what is used to carry the traffic on the tunnel... The HE tunnel users 6in4 which uses proto41.  You only have to allow it for  the device hosting the tunnel.

bertrand1980

Thanks.
I wonder if it would be wise to add a few more hints to the configuration exemples tab when creating the tunnel, like explaining that the routed /64 has to be added to an interface in the LAN (i missed that so i guess other would too).

bertrand1980

I must be blind. i just checked again and the info is there. Did someone just added it a moment ago or am i losing my mind ?

bachawiss

#6
I added this acl to 41,echo and echo reply in the fa1/0 connetcted to internet
But i still cannot ping
Quote
ipv6 unicast-routing
ipv6 cef


interface Tunnel0
no ip address
ipv6 address 2001:470:1F12:1155::2/64
ipv6 enable
tunnel source 192.168.137.10
tunnel destination 216.66.84.42
tunnel mode ipv6ip

!
interface FastEthernet1/0
ip address 192.168.137.10 255.255.255.0
ip access-group 110 in
duplex auto
speed auto

ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.137.1
no ip http server
no ip http secure-server

access-list 110 permit 41 any any
access-list 110 permit icmp any any echo-reply
access-list 110 permit icmp any any echo
ipv6 route ::/0 Tunnel0

R7(config)#int fastEthernet 1/0
R7(config-if)#ip access-group 110 in

bachawiss

#7
If you see the capture file,in the picture, i have not echo reply,that the router has rejected,if it was acl problem i see the echo reply
what is the problem ??
I do the capture in the link between the routeur fa1/0 and the cloud,in gns3

cholzhauer

You never answered reply#1 above...

bachawiss

Quote from: cholzhauer on March 07, 2013, 06:53:32 AM
You never answered reply#1 above...
I don't use any firewall,I use nat to share connexion to GNS3

cholzhauer

What's the device that's directly ahead of your router in the upstream path?

bachawiss


broquea

#12
Lets try this again. Your Cisco emulator has an RFC1918 IP address. What is acting as the NAT gateway for that IP range? What is the 192.168.137.1 device?

QuoteI use nat to share connexion to GNS3

bachawiss

Quote from: broquea on March 07, 2013, 07:52:57 AM
Lets try this again. Your Cisco emulator has an RFC1918 IP address. What is acting as the NAT gateway for that IP range? What is the 192.168.137.1 device?

QuoteI use nat to share connexion to GNS3
I have a wireless LAN 192.168.1.0 /24
I use a loopback adaptor,to connect routers in GNS3,which is a virtual LAN CARD,her ip address is 192.168.137.1
I shared connexion between loopback card and wireless card by the NAT it translate the ip adresses in 192.168.137.0 to 192.168.1.0
so Loopback CARD(192.168.137.0) ->wirelessLAN(192.168.1.0)->WAN
my cisco router is connected to 192.168.137.0 network,and it ping wan ipv4 adresses

broquea

So you have DOUBLE NAT it sounds like. So now you need to make certain that both NATs "between loopback card and wireless card" as well as the device with 197.15.27.141 configured on it aren't filtering Protocol 41. Also the word is "connection".