IPv6 – Creating a Tunnel Broker (Part 2)

Ran a protocol capture and noticed this error in the ASDM log – regular translation creation failed for protocol 41 src Inside: dst Outside:
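To see how often this error fires, and for which host pairs, before and after a rule change, the exported log text can be tallied. The script below is an added example and not part of the original post; the syslog prefix (`%ASA-3-305006`), the timestamps and every address in the sample lines are constructed or assumed.

```python
import re
from collections import Counter

# IANA protocol numbers commonly seen with tunnels; 41 is IPv6-in-IPv4 (6in4).
PROTO_NAMES = {"41": "IPv6-in-IPv4", "47": "GRE", "50": "ESP"}

# Matches the message text quoted in the post. "/port" is optional because
# port-less protocols such as 41 carry none.
FAIL_RE = re.compile(
    r"translation creation failed for protocol (?P<proto>\d+) "
    r"src (?P<sif>[^:\s]+):(?P<src>[\d.]+)(?:/\d+)? "
    r"dst (?P<dif>[^:\s]+):(?P<dst>[\d.]+)(?:/\d+)?"
)

# Constructed sample log (assumed prefix format, documentation/private addresses).
SAMPLE_LOG = """\
Mar 01 10:00:01 asa %ASA-3-305006: regular translation creation failed for protocol 41 src Inside:10.0.0.5 dst Outside:198.51.100.7
Mar 01 10:00:02 asa %ASA-6-302013: Built outbound TCP connection 101 for Outside:203.0.113.9/443 (203.0.113.9/443) to Inside:10.0.0.8/51515 (192.0.2.1/51515)
Mar 01 10:00:04 asa %ASA-3-305006: regular translation creation failed for protocol 41 src Inside:10.0.0.5 dst Outside:198.51.100.7
Mar 01 10:00:09 asa %ASA-3-305006: regular translation creation failed for protocol 47 src Inside:10.0.0.9 dst Outside:203.0.113.20
"""

def tally_failures(log_text):
    """Count failures keyed by (protocol, src_if, src_ip, dst_if, dst_ip)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        if m:
            key = (m["proto"], m["sif"].lower(), m["src"],
                   m["dif"].lower(), m["dst"])
            counts[key] += 1
    return counts

def report(counts):
    """Format the tally, most frequent flow first."""
    rows = []
    for (proto, sif, src, dif, dst), n in counts.most_common():
        name = PROTO_NAMES.get(proto, "protocol " + proto)
        rows.append(f"{n:>4}  {name:<14} {sif}:{src} -> {dif}:{dst}")
    return rows

if __name__ == "__main__":
    print("\n".join(report(tally_failures(SAMPLE_LOG))))
```

Running it against logs captured before and after an access-list change shows whether the count for the protocol 41 flow actually dropped.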

In looking at the rules, it appears that I need an access rule to allow the protocol 41 traffic to go outbound. There is only an access rule for inbound to outbound to allow IP.

Added these lines to the ASA config –

object-group protocol IPV6inIP
protocol-object 41

access-list inside_access_in line 2 extended permit object-group IPV6inIP any any

Still getting the above error after putting the config lines just listed. Beginning to suspect that the 8.2.5 binary doesn’t support protocol forwarding, either inbound or outbound. I have seen web postings that this did work, possibly due to a bug in the code, in 8.0.3. I am using features in 8.2.5 that I would lose if I go back to 8.0.3. As much as I would prefer not to deal with a major rewrite of the ASA binary, it looks like I don’t really have a choice. After doing some additional research, I will have to upgrade the ASA binary. General consensus on the Cisco Support Community forums is to go to 8.4 and skip 8.3 altogether.

I have ordered the memory (found some new Cisco memory on Amazon). Will put this in one of my ASAs. Once this works, I might try some of the $20 bargain memory that I have seen on eBay. Just trying to err on the side of caution. I have used www.ciscomemoryupgrades.com in the past with good results. May go back to them for the memory for the second ASA.

I have checked the available ISPs in the area; no one is offering IPv6 to residential customers at this time. A couple of them mentioned that they had been getting requests for it or were looking to offer it later this year, but no firm date for ordering. Still looking at getting a secondary internet connection that will end up being the link I use the Tunnel Broker router on. Don’t expect the memory until later in the week. Will have to get it installed, upgrade the binary in the ASA and verify that everything is working normally before getting back to working on the Tunnel Broker router that I already have in place. To be on the safe side, I will do this work on my backup ASA and keep my primary intact just in case there is a problem during the upgrade process.
