This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

Cisco IPv6 Tunnel Config

From AAISP Support Site
Jump to navigation Jump to search
ipv6 unicast-routing
ipv6 cef
! enable IPv6 routing
interface Tunnel6
 no ip address
 ipv6 address 2001:8B0:XXXX:YYYY::/64 eui-64
! XXXX is 2001:8B0:XXXX::/48 is your AAISP allocated IPv6 block
! YYYY is your chosen subnet for the yournet<->AAISP connection
! This will allocate an IP based on your MAC address. You could also
! explicitly define the IPv6 address with something like
! ipv6 address 2001:8B0:XXXX:YYYY::1/64
 ipv6 enable
 ipv6 traffic-filter internet_ipv6_in in
 ipv6 traffic-filter internet_ipv6_out out
 ipv6 mtu 1280
 tunnel source FastEthernet0/0
! Use your external facing interface
 tunnel destination
 tunnel mode ipv6ip
ipv6 route ::/0 Tunnel6
! make the tunnel our IPv6 default route
ipv6 access-list internet_ipv6_in
 permit icmp any any echo-reply
 permit icmp any any echo-request
 permit icmp any any unreachable
 permit icmp any any time-exceeded
 deny icmp any any log
 evaluate internet-ipv6-reflect
 permit tcp any host 2001:8B0:XXXX:ZZZZ::AAAA eq www
 permit udp any host 2001:8B0:XXXX:ZZZZ::BBBB eq domain
 permit tcp any host 2001:8B0:XXXX:ZZZZ::CCCC eq smtp
! replace XXXX, ZZZZ, AAAA, BBBB, CCCC to suit your network
 deny ipv6 any any log
ipv6 access-list internet_ipv6_out
 permit ipv6 any any reflect internet-ipv6-reflect timeout 300
 deny ipv6 any any log

Notes on the above:

  1. Replace placeholders with the appropriate address portions for your allocated /48 and internal network
  2. I've included a very basic firewall configuration. I've used the "reflect" technology which may not be available in all IOS versions