Unable to reach internet from Cisco AnyConnect using IPv6 through HE

CiscoFanboy · August 31, 2018, 11:09:05 PM

Hello everyone, I am unable to use IPv6 on any Cisco AnyConnect client, I have an IPv6 block that I received from AS 202322 and I have configured my VPN subnet to be 2A05:DFC7:3E:5650:4E::/64. When I go out to the internet it displays my public IP address. I am using a Cisco ASA 5510 for the VPN concentrator/firewall. I hope someone will help.

I have added static routes on the edge routers and internal switch pointing to the firewall. I have also done calculations for the MTU, the default mtu would come out to be 1520 which is bigger than the max MTU for ethernet and obviously bigger than the MTU for the IPv6 in IPv4 tunnel which is 1480. I have tried adjusting the Cisco AnyConnect MTU to 1354 and no luck there.

Thanks,

Trevor Janssen

cholzhauer · September 01, 2018, 06:08:25 AM

What version of anyconnect and what version of the Cisco OS? Older versions do not support 6in4 tunnels

CiscoFanboy · September 14, 2018, 05:14:50 PM

Hello, I am using Cisco ASA OS 9.1.7 and Cisco AnyConnect 4.5

cholzhauer · September 15, 2018, 04:04:34 AM

That's most likely your problem. Newer versions of both support tunnels where the old ones don't

CiscoFanboy · September 16, 2018, 01:01:21 PM

There is a router upstream from the firewall, it is a Cisco 2951. The router is using IOS 15.5(3)M7. The tunnel is terminated to the edge routers.

cholzhauer · September 16, 2018, 01:04:15 PM

Old versions of anyconnect don't support the 6in4 stuff

You need to upgrade

CiscoFanboy · September 17, 2018, 11:06:40 AM

What version do you recommend?

cholzhauer · September 17, 2018, 11:21:56 AM

I don't remember offhand which version fixed it, but I'd grab the latest one and avoid some of the bugs along the way.

News:

Unable to reach internet from Cisco AnyConnect using IPv6 through HE