Solved

ipv6to4 on Cisco 877

Posted on 2011-03-02
Last Modified: 2012-05-11
Hello,

I'm trying to get our Cisco 877 running on a dual situation on the LAN.
It should have an IPv4 and IPv6 address internally. We tried different things but nothing seems to work.
On the WAN side it only has an IPv4 address.
What's the best way to achieve this?
Below is our current config:
 
!
! Last configuration change at 14:05:35 PCTime Wed Jan 26 2011 by admin
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname RTR-Cisco
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
!
no aaa new-model
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
!
crypto pki trustpoint TP-self-signed-2996806490
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2996806490
revocation-check none
rsakeypair TP-self-signed-2996806490
!
!
crypto pki certificate chain TP-self-signed-2996806490
certificate self-signed 01
        quit
dot11 syslog
no ip source-route
ip cef
!
!
!
!
no ip bootp server
!
ipv6 unicast-routing
multilink bundle-name authenticated
!
!
!
!
archive
log config
  hidekeys
!
!
ip tcp synwait-time 10
!
class-map type inspect match-any ccp-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp extended
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect match-all ccp-protocol-http
match protocol http
!
!
policy-map type inspect ccp-permit-icmpreply
class type inspect ccp-icmp-access
  inspect
class class-default
  pass
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
  drop log
class type inspect ccp-protocol-http
  inspect
class type inspect ccp-insp-traffic
  inspect
class class-default
policy-map type inspect ccp-permit
class class-default
!
zone security out-zone
zone security in-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
!
!
!
interface Tunnel1
no ip address
ipv6 enable
!
interface Tunnel2002
description 6to4 Relay Interface
no ip address
no ip redirects
ipv6 address 2002:C001:203::1/128
ipv6 enable
tunnel source Vlan1
tunnel mode ipv6ip 6to4
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$
no ip redirects
no ip unreachables
no ip proxy-arp
pvc 8/48
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
ip address 10.0.0.1 255.0.0.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
zone-member security in-zone
ip route-cache flow
ip tcp adjust-mss 1452
ipv6 address 2002:C001:203::3/128
ipv6 enable
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
zone-member security out-zone
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username S.Aspergerijk@direct-adsl password 7 1420465855201E792C
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 101 interface Dialer0 overload
!
logging trap debugging
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 23 permit 10.0.0.0 0.255.255.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark CCP_ACL Category=2
access-list 101 permit ip 10.0.0.0 0.255.255.255 any
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
control-plane
!
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

Question by:penthese
5 Comments
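
The 6to4 addressing in the question's config can be checked mechanically. The Python below is an added example, not part of the original post: it decodes the IPv4 address embedded in the `2002:` address and compares it with the tunnel source, using only values from the posted config (the function names are hypothetical).

```python
import ipaddress

def sixto4_prefix(public_v4):
    """RFC 3056: a site's 6to4 prefix is 2002:<32-bit public IPv4>::/48."""
    v4 = ipaddress.IPv4Address(public_v4)
    if not v4.is_global:
        raise ValueError(f"{v4} is not publicly routable, so it has no usable 6to4 prefix")
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))

def check_6to4(tunnel_source_v4, tunnel_v6):
    """Compare the IPv4 address embedded in a 6to4 address with the tunnel source."""
    findings = []
    source = ipaddress.IPv4Address(tunnel_source_v4)
    embedded = ipaddress.IPv6Interface(tunnel_v6).ip.sixtofour  # None outside 2002::/16
    if embedded is None:
        findings.append("address is not in 2002::/16")
    elif embedded != source:
        findings.append(f"embeds {embedded}, but the tunnel source is {source}")
    if not source.is_global:
        findings.append(f"tunnel source {source} is not publicly routable")
    return findings

def lan_prefix_ok(lan_v6):
    """SLAAC needs a /64 on the LAN; a /128 covers only the router's own address."""
    return ipaddress.IPv6Interface(lan_v6).network.prefixlen == 64

# Values taken from the config in the question:
#   interface Vlan1      -> ip address 10.0.0.1, ipv6 address 2002:C001:203::3/128
#   interface Tunnel2002 -> tunnel source Vlan1, ipv6 address 2002:C001:203::1/128
if __name__ == "__main__":
    for finding in check_6to4("10.0.0.1", "2002:C001:203::1/128"):
        print("Tunnel2002:", finding)
    print("Vlan1 prefix usable for SLAAC:", lan_prefix_ok("2002:C001:203::3/128"))
    # The prefix that the address embedded in the posted config corresponds to:
    print("6to4 prefix for 192.1.2.3:", sixto4_prefix("192.1.2.3"))
```

Return traffic for a 6to4 prefix is delivered to the embedded IPv4 address, so the prefix has to be derived from the router's own public WAN address rather than copied from an example.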
 

Accepted Solution

by:
rfc1180 earned 500 total points
ID: 35020575
Get an IPv6 connection via a tunnel from a tunnel broker:
HE is free: http://tunnelbroker.net/

Request a /48 after building the tunnel.

Example configuration:

configure terminal
ipv6 unicast-routing
interface Tunnel0
 description Hurricane Electric IPv6 Tunnel Broker
 no ip address
 ipv6 enable
 ipv6 address 2001:470:1f10:743::2/64
 tunnel source 173.8.232.209
 tunnel destination 209.51.181.2
 tunnel mode ipv6ip
ipv6 route ::/0 Tunnel0
ipv6 dns server-address 2001:470:20::2

! replace the /48 below with your requested /48
ipv6 route 2001:470:c19c::/48 null0


interface fast0/0
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
ip address 10.0.0.1 255.0.0.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
zone-member security in-zone
ip route-cache flow
ip tcp adjust-mss 1452
ipv6 address 2001:470:c19c::1/64
ipv6 enable


end
write
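
Tunnel0 in the configuration above carries global IPv6 addresses and has no `zone-member security` or `ipv6 traffic-filter` line, while the `ip nat` lines apply to IPv4 only. The Python below is an added example, not part of the original answer: it lists each IPv6-enabled interface together with the filtering commands it carries. The sample config is constructed from the answer's lines with indentation restored, and the function names are hypothetical.

```python
CONTROLS = ("ipv6 traffic-filter", "ipv6 inspect", "zone-member security")

def interface_blocks(config):
    """Map each interface name to its indented sub-commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split()[1]
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # "!" or any top-level command closes the block
    return blocks

def ipv6_exposure(config):
    """For every IPv6-enabled interface, list the filtering commands it carries."""
    report = {}
    for name, cmds in interface_blocks(config).items():
        if any(c.startswith(("ipv6 address", "ipv6 enable")) for c in cmds):
            report[name] = [c for c in cmds if c.startswith(CONTROLS)]
    return report

# Constructed sample: the answer's interface lines, re-indented.
SAMPLE = """\
interface Tunnel0
 description Hurricane Electric IPv6 Tunnel Broker
 no ip address
 ipv6 enable
 ipv6 address 2001:470:1f10:743::2/64
 tunnel source 173.8.232.209
 tunnel destination 209.51.181.2
 tunnel mode ipv6ip
ipv6 route ::/0 Tunnel0
!
interface fast0/0
 ip address 10.0.0.1 255.0.0.0
 ip nat inside
 zone-member security in-zone
 ipv6 address 2001:470:c19c::1/64
 ipv6 enable
!
interface Dialer0
 ip address negotiated
 zone-member security out-zone
"""

if __name__ == "__main__":
    for name, controls in ipv6_exposure(SAMPLE).items():
        print(name, "->", controls or "no IPv6 filtering configured")
```

An empty list means nothing on that interface filters IPv6. A `zone-member` line is reported as found, since whether the zone policy inspects IPv6 depends on the IOS release.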
 

Author Comment

by:penthese
ID: 35022133
Thanks for your help.

So then the Cisco will have 2001:470:c19c::1/64 as internal IPv6 address and we can address our clients 2001:470:c19c::2/64 etc?

As gateway we need to use 2001:470:c19c::1/64 after it?

Regards,

Expert Comment

by:rfc1180
ID: 35023327

>So then the Cisco will have 2001:470:c19c::1/64 as internal IPv6 address and we can address our clients 2001:470:c19c::2/64 etc?

Correct

>As gateway we need to use 2001:470:c19c::1/64 after it?
Typically no, the link-local address of the router (gateway) will be used; it is automatically updated via RA. However, you can manually define it, but it is then recommended that you suppress RA.

Billy
 

Author Comment

by:penthese
ID: 35025876
Thanks for your help, configured everything.
But where did you get the IPv6 address 2001:470:c19c::1/64 from?
Is this the Routed /64: from he.net?
 

Author Comment

by:penthese
ID: 35026311
Never mind, it's already working. Windows 7 gives some issues, Windows XP is running fine.
Thanks for your help.