IPv6 – Setting up a connection to a Tunnel Broker (Part 1)

I have been told that I will be involved in a migration from IPv4 to IPv6 later this year. That has me looking at learning more about IPv6 than I had anticipated. After going over the Hurricane Electric website and doing some research on Google, I have put together the following configuration for the Cisco 1811 router that will server as the 4 to 6 gateway. With this config, I wasn’t able to get the tunnel to come up but I expect the problem is with the ASA That is in front of this. I am waiting to hear back from some questions I have posted on the Cisco Support Community to see what changes to the config I am using may be needed or if I will need to upgrade the ASA binary that I am using (which isn’t something I look forward to doing since how the NAT rules work and are configured change significantly). I have put x’s in part of the addresses that I got from HE but the online config tool will help you get started in the right direction.

interface Tunnel0
description Hurricane Electric IPv6 Tunnel Broker
no ip address
ipv6 address 2001:470:x:x::1/64
ipv6 enable
tunnel source 192.168.1.100
tunnel destination 209.51.x.x
tunnel mode ipv6ip
!
interface FastEthernet0
ip address 192.168.1.100 255.255.255.0
duplex auto
speed auto
ipv6 address 2001:470:x:x::1/64
ipv6 enable
!
!
ipv6 route ::/0 Tunnel0
ip route 0.0.0.0 0.0.0.0 192.168.1.1

!

I ran debug tunnel on my router to see why I couldnt ping anything from IPv6.

Here is the debug output –

*Jan 18 04:46:39.435: FIBtunnel: Tunnel0 physical idb changed from FastEthernet0 to FastEthernet0
*Jan 18 04:46:41.115: FIBtunnel: Tu0: stacking IPV6 :: to Default:209.51.181.2
*Jan 18 04:46:41.431: %LINK-3-UPDOWN: Interface Tunnel0, changed state to up
*Jan 18 04:46:41.431: Tunnel0: IPv6/IP encapsulated 192.168.1.100->209.51.181.2 (linktype=79, len=84)
*Jan 18 04:46:41.431: Tunnel0 count tx, adding 20 encap bytes
*Jan 18 04:46:42.431: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
*Jan 18 04:46:42.431: Tunnel0: IPv6/IP encapsulated 192.168.1.100->209.51.181.2 (linktype=79, len=84)
*Jan 18 04:46:42.431: Tunnel0 count tx, adding 20 encap bytes
*Jan 18 04:46:42.431: Tunnel0: IPv6/IP encapsulated 192.168.1.100->209.51.181.2 (linktype=79, len=96)
*Jan 18 04:46:42.431: Tunnel0 count tx, adding 20 encap bytes
*Jan 18 04:46:42.431: Tunnel0: IPv6/IP encapsulated 192.168.1.100->209.51.181.2 (linktype=79, len=96)
*Jan 18 04:46:42.431: Tunnel0 count tx, adding 20 encap bytes
*Jan 18 04:46:42.431: Tunnel0: IPv6/IP encapsulated 192.168.1.100->209.51.181.2 (linktype=79, len=96)
*Jan 18 04:46:42.431: Tunnel0 count tx, adding 20 encap bytes
*Jan 18 04:46:42.431: Tunnel0: IPv6/IP encapsulated 192.168.1.100->209.51.181.2 (linktype=79, len=84)
*Jan 18 04:46:42.431: Tunnel0 count tx, adding 20 encap bytes
*Jan 18 04:46:42.863: Tunnel0: IPv6/IP encapsulated 192.168.1.100->209.51.181.2 (linktype=79, len=96)
*Jan 18 04:46:42.863: Tunnel0 count tx, adding 20 encap bytes
*Jan 18 04:46:42.863: Tunnel0: IPv6/IP encapsulated 192.168.1.100->209.51.181.2 (linktype=79, len=96)
*Jan 18 04:46:42.863: Tunnel0 count tx, adding 20 encap bytes
*Jan 18 04:46:43.363: Tunnel0: IPv6/IP encapsulated 192.168.1.100->209.51.181.2 (linktype=79, len=96)
*Jan 18 04:46:43.363: Tunnel0 count tx, adding 20 encap bytes
*Jan 18 04:46:43.431: Tunnel0: IPv6/IP encapsulated 192.168.1.100->209.51.181.2 (linktype=79, len=84)
*Jan 18 04:46:43.431: Tunnel0 count tx, adding 20 encap bytesz

This tells me that the router is trying to bring up the tunnel. The next step is to look at what I need to change on the ASA to get this traffic to pass. I will do a packet capture to verify that traffic is coming back to the ASA and see what I have to do from there to get this working. I am also looking at having a DSL connection installed. I have talked to my cable provider and to get my current connection reconfigured to handle multiple IP addresses will run around $100 in monthly recurring charges. I am looking at the availability of a basic DSL connection. I had looked at AT&T U-verse but with installation charges of $150 and equipment rental on top of that, dont think I will be installing that in my lab.

Send to Kindle
This entry was posted in Blog Entries and tagged . Bookmark the permalink.