Cisco IPv6 Tunnel Config

From AAISP Support Site
Revision as of 13:13, 24 February 2015 by AA-Andrew (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
ipv6 unicast-routing
ipv6 cef
! enable IPv6 routing
!
interface Tunnel6
 no ip address
 ipv6 address 2001:8B0:XXXX:YYYY::/64 eui-64
! XXXX is 2001:8B0:XXXX::/48 is your AAISP allocated IPv6 block
! YYYY is your chosen subnet for the yournet<->AAISP connection
! This will allocate an IP based on your MAC address. You could also
! explicitly define the IPv6 address with something like
! ipv6 address 2001:8B0:XXXX:YYYY::1/64
 ipv6 enable
 ipv6 traffic-filter internet_ipv6_in in
 ipv6 traffic-filter internet_ipv6_out out
 ipv6 mtu 1280
 tunnel source FastEthernet0/0
! Use your external facing interface
 tunnel destination 81.187.81.6
 tunnel mode ipv6ip
!
ipv6 route ::/0 Tunnel6
! make the tunnel our IPv6 default route
!
ipv6 access-list internet_ipv6_in
 permit icmp any any echo-reply
 permit icmp any any echo-request
 permit icmp any any unreachable
 permit icmp any any time-exceeded
 deny icmp any any log
 evaluate internet-ipv6-reflect
 permit tcp any host 2001:8B0:XXXX:ZZZZ::AAAA eq www
 permit udp any host 2001:8B0:XXXX:ZZZZ::BBBB eq domain
 permit tcp any host 2001:8B0:XXXX:ZZZZ::CCCC eq smtp
! replace XXXX, ZZZZ, AAAA, BBBB, CCCC to suit your network
 deny ipv6 any any log
!
ipv6 access-list internet_ipv6_out
 permit ipv6 any any reflect internet-ipv6-reflect timeout 300
 deny ipv6 any any log
!

Notes on the above:

  1. Replace placeholders with the appropriate address portions for your allocated /48 and internal network
  2. I've included a very basic firewall configuration. I've used the "reflect" technology which may not be available in all IOS versions