Cisco IPv6 Tunnel Config

From AAISP Support Site
Revision as of 16:37, 24 November 2010 by Tdgsandf (talk | contribs) (Created page with "<code> ipv6 unicast-routing ipv6 cef ! enable IPv6 routing ! interface Tunnel6 no ip address ipv6 address 2001:8B0:XXXX:YYYY::/64 eui-64 ! XXXX is 2001:8B0:XXXX::/48 is your AA...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

ipv6 unicast-routing ipv6 cef ! enable IPv6 routing ! interface Tunnel6 

no ip address
ipv6 address 2001:8B0:XXXX:YYYY::/64 eui-64

! XXXX is 2001:8B0:XXXX::/48 is your AAISP allocated IPv6 block ! YYYY is your chosen subnet for the yournet<->AAISP connection ! This will allocate an IP based on your MAC address. You could also ! explicitly define the IPv6 address with something like ! ipv6 address 2001:8B0:XXXX:YYYY::1/64 

ipv6 enable
ipv6 traffic-filter internet_ipv6_in in
ipv6 traffic-filter internet_ipv6_out out
ipv6 mtu 1280
tunnel source FastEthernet0/0

! Use your external facing interface 

tunnel destination 81.187.81.6
tunnel mode ipv6ip

! ipv6 route ::/0 Tunnel6 ! ipv6 access-list internet_ipv6_in 

permit icmp any any echo-reply
permit icmp any any echo-request
permit icmp any any unreachable
permit icmp any any time-exceeded
deny icmp any any log
evaluate internet-ipv6-reflect
permit tcp any host 2001:8B0:XXXX:ZZZZ::AAAA eq www
permit udp any host 2001:8B0:XXXX:ZZZZ::BBBB eq domain
permit tcp any host 2001:8B0:XXXX:ZZZZ::CCCC eq smtp

! replace XXXX, ZZZZ, AAAA, BBBB, CCCC to suit your network 

deny ipv6 any any log

! ipv6 access-list internet_ipv6_out 

permit ipv6 any any reflect internet-ipv6-reflect timeout 300
deny ipv6 any any log

!

Notes on the above:

  1. Replace placeholders with the appropriate address portions for your allocated /48 and internal network
  2. I've included a very basic firewall configuration. I've used the "reflect" technology which may not be available in all IOS versions
Retrieved from ‘http://support.aa.net.uk/index.php?title=Cisco_IPv6_Tunnel_Config&oldid=192