Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: New Tunnel on 1811 - Unable to Ping Across  (Read 8039 times)

fdamstra

  • Newbie
  • *
  • Posts: 4
New Tunnel on 1811 - Unable to Ping Across
« on: June 03, 2009, 08:54:33 AM »

Got a new Cisco 1811 to use as my home gateway, and this morning, I registered with TunnelBroker to set up a tunnel.

I've got the configuration in there, but no IPv6 connectivity.  I cannot even ping across the tunnel interface.  There are currently no ACL's on my WAN interface, as I thought I'd set up the tunnel before I start locking down the security in order to avoid just these sorts of problems.  Is it possible my ISP is blocking the connection?  I am using BVI's for my LAN, which I'm told don't work (or didn't work?) with IPv6, but they're not even involved at this point since I'm pinging from the router.

Here are relevant parts of my configuration (IOS 12.4(15)T9):
Code: [Select]
hostname MonkeyBOX-1811W
!
ipv6 unicast-routing
!
interface Tunnel0
 description Hurricane Electric IPv6 Tunnel Broker - Chicago
 no ip address
 ipv6 address 2001:470:1F10:C7::2/64
 ipv6 enable
 tunnel source 69.221.231.68
 tunnel destination 209.51.181.2
 tunnel mode ipv6ip
!
interface FastEthernet0
 description to AT&T DSL
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
ipv6 route ::/0 Tunnel0

Seems pretty basic apart from the 'ip nat outside', but that only matches source addresses from my LAN, not the tunnel interface itself.

'show ip int brief' shows both the tunnel interface is up, and that the ip is correct:
Code: [Select]
MonkeyBOX-1811W#sh ip int brie
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0              69.221.231.68   YES DHCP   up                    up
Tunnel0                    unassigned      YES manual up                    up

Some additional troubleshooting and demonstration of the issue:
Code: [Select]
MonkeyBOX-1811W#! Ping local side works
MonkeyBOX-1811W#ping 2001:470:1F10:C7::2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:470:1F10:C7::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms
MonkeyBOX-1811W#! Ping remote side fails
MonkeyBOX-1811W#ping 2001:470:1F10:C7::1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:470:1F10:C7::1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
MonkeyBOX-1811W#! Additional troubleshooting
MonkeyBOX-1811W#conf t
MonkeyBOX-1811W(config)#access-list 142 permit ip host 69.221.231.68 host 209.51.181.2
MonkeyBOX-1811W(config)#access-list 142 permit ip host 209.51.181.2 host 69.221.231.68
MonkeyBOX-1811W(config)#exit
MonkeyBOX-1811W#debug tunnel
Tunnel Interface debugging is on
MonkeyBOX-1811W#debug ip packet 142
IP packet debugging is on for access list 142
MonkeyBOX-1811W#ping 2001:470:1F10:C7::1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:470:1F10:C7::1, timeout is 2 seconds:

Jun  3 15:50:56.556: Tunnel0: IPv6/IP encapsulated 69.221.231.68->209.51.181.2 (linktype=79, len=120)
Jun  3 15:50:56.556: IP: s=69.221.231.68 (Tunnel0), d=209.51.181.2 (FastEthernet0), len 120, sending
Jun  3 15:50:56.556: Tunnel0 count tx, adding 20 encap bytes.
Jun  3 15:50:58.556: Tunnel0: IPv6/IP encapsulated 69.221.231.68->209.51.181.2 (linktype=79, len=120)
Jun  3 15:50:58.556: IP: s=69.221.231.68 (Tunnel0), d=209.51.181.2 (FastEthernet0), len 120, sending
Jun  3 15:50:58.556: Tunnel0 count tx, adding 20 encap bytes.
Jun  3 15:51:00.556: Tunnel0: IPv6/IP encapsulated 69.221.231.68->209.51.181.2 (linktype=79, len=120)
Jun  3 15:51:00.556: IP: s=69.221.231.68 (Tunnel0), d=209.51.181.2 (FastEthernet0), len 120, sending
Jun  3 15:51:00.556: Tunnel0 count tx, adding 20 encap bytes.
Jun  3 15:51:02.556: Tunnel0: IPv6/IP encapsulated 69.221.231.68->209.51.181.2 (linktype=79, len=120)
Jun  3 15:51:02.556: IP: s=69.221.231.68 (Tunnel0), d=209.51.181.2 (FastEthernet0), len 120, sending
Jun  3 15:51:02.556: Tunnel0 count tx, adding 20 encap bytes.
Jun  3 15:51:04.556: Tunnel0: IPv6/IP encapsulated 69.221.231.68->209.51.181.2 (linktype=79, len=120)
Jun  3 15:51:04.556: IP: s=69.221.231.68 (Tunnel0), d=209.51.181.2 (FastEthernet0), len 120, sending
Jun  3 15:51:04.556: Tunnel0 count tx, adding 20 encap bytes.
Success rate is 0 percent (0/5)

Not sure where to go from here.  Looks like packets are being encapsulated on the way out, but I'm not receiving anything back.

(Edited to add: I just went through the IPv4 Endpoint Verification procedure, but it turns out that this deletes the tunnel and won't let me create a new one, so I guess I'm done troubleshooting this until tomorrow)
« Last Edit: June 03, 2009, 09:08:23 AM by fdamstra »
Logged

fdamstra

  • Newbie
  • *
  • Posts: 4
Re: New Tunnel on 1811 - Unable to Ping Across
« Reply #1 on: June 03, 2009, 12:08:19 PM »

According to this article, it's probably my DSL modem, as I have the same type that author had.

Logged

ZeroByte

  • Newbie
  • *
  • Posts: 2
Re: New Tunnel on 1811 - Unable to Ping Across
« Reply #2 on: June 04, 2009, 07:21:03 AM »

Well, I don't know if you can get into the configuration of the DSL modem or not, but if you can, you might see if it can be placed in bridge mode and then you could run the PPPoE session directly from your 1811. If the modem is bridging, then any of its layer-3 quirks would be eliminated.

Logged

KevinGLong

  • Newbie
  • *
  • Posts: 6
Re: New Tunnel on 1811 - Unable to Ping Across
« Reply #3 on: July 11, 2009, 06:05:56 PM »

fdamstra, I'm no expert by any means but I have a working IPv6 tunnel working on my 1811 router.

I posted my config and other info that I discovered during a few sleepness nights over in the "IPv6 on Windows" forum back in December.
Here is a direct link: http://www.tunnelbroker.net/forums/index.php?topic=285.0

The topic name is "XP PC behind Cisco Router - rtr works, pc doesn't"

Good Luck.
Kevin
Logged

fdamstra

  • Newbie
  • *
  • Posts: 4
Re: New Tunnel on 1811 - Unable to Ping Across
« Reply #4 on: July 12, 2009, 08:25:07 AM »

Thanks.  I was able to get this to work using another modem, which I set in bridged mode, and let the 1811 do the PPPoE.  My wired LAN is IPv6 enabled, though I can't seem to get it to work over wireless.
Logged