Cisco IPv6 Tunnel Config: Difference between revisions
Appearance
	
	
Content deleted Content added
| No edit summary | mNo edit summary | ||
| (3 intermediate revisions by 2 users not shown) | |||
| Line 47: | Line 47: | ||
| # I've included a very basic firewall configuration. I've used the "reflect" technology which may not be available in all IOS versions | # I've included a very basic firewall configuration. I've used the "reflect" technology which may not be available in all IOS versions | ||
| [Category: | [[Category:3rd Party Routers|Cisco]] [[Category:IPv6]] | ||
Latest revision as of 13:13, 24 February 2015
ipv6 unicast-routing ipv6 cef ! enable IPv6 routing ! interface Tunnel6 no ip address ipv6 address 2001:8B0:XXXX:YYYY::/64 eui-64 ! XXXX is 2001:8B0:XXXX::/48 is your AAISP allocated IPv6 block ! YYYY is your chosen subnet for the yournet<->AAISP connection ! This will allocate an IP based on your MAC address. You could also ! explicitly define the IPv6 address with something like ! ipv6 address 2001:8B0:XXXX:YYYY::1/64 ipv6 enable ipv6 traffic-filter internet_ipv6_in in ipv6 traffic-filter internet_ipv6_out out ipv6 mtu 1280 tunnel source FastEthernet0/0 ! Use your external facing interface tunnel destination 81.187.81.6 tunnel mode ipv6ip ! ipv6 route ::/0 Tunnel6 ! make the tunnel our IPv6 default route ! ipv6 access-list internet_ipv6_in permit icmp any any echo-reply permit icmp any any echo-request permit icmp any any unreachable permit icmp any any time-exceeded deny icmp any any log evaluate internet-ipv6-reflect permit tcp any host 2001:8B0:XXXX:ZZZZ::AAAA eq www permit udp any host 2001:8B0:XXXX:ZZZZ::BBBB eq domain permit tcp any host 2001:8B0:XXXX:ZZZZ::CCCC eq smtp ! replace XXXX, ZZZZ, AAAA, BBBB, CCCC to suit your network deny ipv6 any any log ! ipv6 access-list internet_ipv6_out permit ipv6 any any reflect internet-ipv6-reflect timeout 300 deny ipv6 any any log !
Notes on the above:
- Replace placeholders with the appropriate address portions for your allocated /48 and internal network
- I've included a very basic firewall configuration. I've used the "reflect" technology which may not be available in all IOS versions