Configuring ipv6 on cisco 877

Discussion in 'Cisco' started by Tony Hoyle, Dec 7, 2005.

  1. Tony Hoyle

    Tony Hoyle Guest

    I have a cisco 877 that's been working fine (after an RMA on the first
    one I had due to overheating issues) and thought I'd like to re-enable
    ipv6, since the router supports it.

    The configuration seems simple enough - the tunnel broker (btexact -
    the only one left in the UK AFAIK) provides a script to configure IOS.
    However although everything looks like it has worked, I cannot ping any
    ipv6 addresses on the other end of the tunnel.

    eg.
    defiant#ping www.kame.net

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 2001:200:0:8002:203:47FF:FEA5:3085, timeout is 2 seconds:
    ......
    Success rate is 0 percent (0/5)

    A debug log (debug ip tunnel/debug ip packet) shows the packets going
    out, but nothing is coming back at all..
    050632: Dec 7 15:37:53.530: Tunnel0: IPv6/IP encapsulated 84.9.223.40->213.121.24.85 (linktype=79, len=120)
    050633: Dec 7 15:37:53.530: IP: s=84.9.223.40 (Tunnel0), d=213.121.24.85 (Dialer0), len 120, sending, proto=41
    050646: Dec 7 15:40:20.167: Tunnel0: IPv6/IP encapsulated 84.9.223.40->213.121.24.85 (linktype=79, len=123)
    050647: Dec 7 15:40:20.167: IP: s=84.9.223.40 (Tunnel0), d=213.121.24.85 (Dialer0), len 123, sending, proto=41

    At this point I'm stumped - short of asking the ISP to see if the
    packets are actually leaving the cisco (which would be a major pain -
    they don't 'support' anything but Windows and getting them to
    understand such a request is not something I'm really keen to do).

    Of course it's possible the tunnel broker is dead (it worked 2 years
    ago when I last dabbled in ipv6, but a lot can happen in that time)..
    I'd have to find another one then but they're getting scarce - all I
    can find are dead links... any ideas for live ones? (preferably in
    europe but if there are none there I'd settle for a US one).

    Tony

    (relevant bits of running config)
    interface Tunnel0
    description BTexact Technologies tunnel broker (tb.ipv6.btexact.com)
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip route-cache flow
    ipv6 address 2001:618:400::549:DF28/128
    ipv6 enable
    ipv6 mtu 1280
    tunnel source Dialer0
    tunnel destination 213.121.24.85
    tunnel mode ipv6ip
    end

    interface Vlan1
    description $FW_INSIDE$
    ip address 192.168.44.1 255.255.255.0
    ip access-group 100 in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat inside
    ip virtual-reassembly
    ip route-cache flow
    ip tcp adjust-mss 1452
    ipv6 address 2001:618:400:2EEA::/64 eui-64
    ipv6 enable
    ipv6 mtu 1280
    end
     
    Tony Hoyle, Dec 7, 2005
    #1

  2. Tony Hoyle

    Guest

    Mmm, google gave me an error.

    try adding:

    ipv6 unicast-routing

    To your config#
     
    , Dec 7, 2005
    #2

  3. Tony Hoyle

    Guest

    Try adding:

    ipv6 unicast-routing

    To your config#
     
    , Dec 8, 2005
    #3
  4. Tony Hoyle

    Tony Hoyle Guest

    wrote:
    > Mmm, google gave me an error.
    >
    > try adding:
    >
    > ipv6 unicast-routing
    >
    > To your config#


    Already got that, and a default route (ipv6 route ::/0 Tunnel0).

    I'll post the whole thing, hopefully without any passwords etc. It's
    SDM generated so is rather big (btw. does anyone know why an interface
    would vanish from SDM? It can't see Dialer0 for some reason, even
    though it's there and functioning).

    Tony

    ---

    version 12.4
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    service sequence-numbers
    !
    hostname defiant
    !
    boot-start-marker
    boot-end-marker
    !
    security authentication failure rate 3 log
    security passwords min-length 6
    logging buffered 52000 debugging
    enable secret xxxx
    enable password xxxx
    !
    aaa new-model
    !
    !
    aaa authentication login local_authen local
    aaa authorization exec local_author local
    !
    aaa session-id common
    !
    resource policy
    !
    clock timezone PCTime 0
    clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
    ip subnet-zero
    no ip source-route
    ip cef
    !
    !
    no ip dhcp use vrf connected
    ip dhcp excluded-address 192.168.44.1 192.168.44.15
    !
    ip dhcp pool sdm-pool1
    import all
    network 192.168.44.0 255.255.255.0
    dns-server 192.168.44.7 192.168.44.3
    default-router 192.168.44.1
    domain-name local.nodomain.org
    netbios-name-server 192.168.44.4
    !
    !
    ip dhcp update dns
    ip tcp synwait-time 10
    no ip bootp server
    ip domain name local.nodomain.org
    ip name-server 192.168.44.7
    ip name-server 192.168.44.3
    ip ssh time-out 60
    ip ssh authentication-retries 2
    ip inspect log drop-pkt
    ip inspect name SDM_MEDIUM appfw SDM_MEDIUM
    ip inspect name SDM_MEDIUM cuseeme
    ip inspect name SDM_MEDIUM dns
    ip inspect name SDM_MEDIUM ftp
    ip inspect name SDM_MEDIUM h323
    ip inspect name SDM_MEDIUM https
    ip inspect name SDM_MEDIUM icmp
    ip inspect name SDM_MEDIUM imap reset
    ip inspect name SDM_MEDIUM pop3 reset
    ip inspect name SDM_MEDIUM netshow
    ip inspect name SDM_MEDIUM rcmd
    ip inspect name SDM_MEDIUM realaudio
    ip inspect name SDM_MEDIUM rtsp
    ip inspect name SDM_MEDIUM esmtp
    ip inspect name SDM_MEDIUM sqlnet
    ip inspect name SDM_MEDIUM streamworks
    ip inspect name SDM_MEDIUM tftp
    ip inspect name SDM_MEDIUM tcp
    ip inspect name SDM_MEDIUM udp
    ip inspect name SDM_MEDIUM vdolive
    ip inspect name SDM_MEDIUM sip
    ip ips sdf location flash://sdmips.sdf
    ip ips sdf location flash://128MB.sdf
    ip ips notify SDEE
    ip ddns update method sdm_ddns1
    DDNS both
    !
    !
    appfw policy-name SDM_MEDIUM
    application im aol
    service default action allow alarm
    service text-chat action allow alarm
    server permit name login.oscar.aol.com
    server permit name toc.oscar.aol.com
    server permit name oam-d09a.blue.aol.com
    audit-trail on
    application im msn
    service default action allow alarm
    service text-chat action allow alarm
    server permit name messenger.hotmail.com
    server permit name gateway.messenger.hotmail.com
    server permit name webmessenger.msn.com
    audit-trail on
    application http
    strict-http action allow
    port-misuse im action reset alarm
    port-misuse p2p action reset alarm
    port-misuse tunneling action allow alarm
    application im yahoo
    service default action allow alarm
    service text-chat action allow alarm
    server permit name scs.msg.yahoo.com
    server permit name scsa.msg.yahoo.com
    server permit name scsb.msg.yahoo.com
    server permit name scsc.msg.yahoo.com
    server permit name scsd.msg.yahoo.com
    server permit name cs16.msg.dcn.yahoo.com
    server permit name cs19.msg.dcn.yahoo.com
    server permit name cs42.msg.dcn.yahoo.com
    server permit name cs53.msg.dcn.yahoo.com
    server permit name cs54.msg.dcn.yahoo.com
    server permit name ads1.vip.scd.yahoo.com
    server permit name radio1.launch.vip.dal.yahoo.com
    server permit name in1.msg.vip.re2.yahoo.com
    server permit name data1.my.vip.sc5.yahoo.com
    server permit name address1.pim.vip.mud.yahoo.com
    server permit name edit.messenger.yahoo.com
    server permit name messenger.yahoo.com
    server permit name http.pager.yahoo.com
    server permit name privacy.yahoo.com
    server permit name csa.yahoo.com
    server permit name csb.yahoo.com
    server permit name csc.yahoo.com
    audit-trail on
    !
    ipv6 unicast-routing
    !
    crypto pki trustpoint TP-self-signed-4147855391
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-4147855391
    revocation-check none
    rsakeypair TP-self-signed-4147855391
    !
    !
    crypto pki certificate chain TP-self-signed-4147855391
    certificate self-signed 01
    quit
    username root privilege 15 secret xxxxxx
    !
    !
    class-map match-any sdm_p2p_kazaa
    match protocol fasttrack
    match protocol kazaa2
    class-map match-any sdm_p2p_edonkey
    match protocol edonkey
    class-map match-any sdm_p2p_gnutella
    match protocol gnutella
    class-map match-any sdm_p2p_bittorrent
    match protocol bittorrent
    !
    !
    policy-map sdmappfwp2p_SDM_MEDIUM
    class sdm_p2p_gnutella
    class sdm_p2p_bittorrent
    class sdm_p2p_edonkey
    class sdm_p2p_kazaa
    !
    !
    !
    !
    !
    !
    interface Tunnel0
    description BTexact Technologies tunnel broker (tb.ipv6.btexact.com)
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip route-cache flow
    ipv6 address 2001:618:400::549:DF28/128
    tunnel source Dialer0
    tunnel destination 213.121.24.85
    tunnel mode ipv6ip
    !
    interface Null0
    no ip unreachables
    !
    interface ATM0
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip route-cache flow
    no atm ilmi-keepalive
    dsl operating-mode ansi-dmt
    !
    interface ATM0.1 point-to-point
    description $ES_WAN$$FW_OUTSIDE$
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    pvc 0/38
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
    !
    !
    interface FastEthernet0
    no cdp enable
    !
    interface FastEthernet1
    no cdp enable
    !
    interface FastEthernet2
    no cdp enable
    !
    interface FastEthernet3
    no cdp enable
    !
    interface Vlan1
    description $FW_INSIDE$
    ip address 192.168.44.1 255.255.255.0
    ip access-group 100 in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat inside
    ip virtual-reassembly
    ip route-cache flow
    ip tcp adjust-mss 1452
    ipv6 address 2001:618:400:2EEA::/64 eui-64
    !
    interface Dialer0
    description $FW_OUTSIDE$
    ip address negotiated
    ip access-group 101 in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nbar protocol-discovery
    ip nat outside
    ip inspect SDM_MEDIUM out
    ip virtual-reassembly
    encapsulation ppp
    ip route-cache flow
    dialer pool 1
    dialer-group 1
    no cdp enable
    ppp authentication chap callin
    ppp chap hostname xxxx
    ppp chap password xxxx
    service-policy input sdmappfwp2p_SDM_MEDIUM
    service-policy output sdmappfwp2p_SDM_MEDIUM
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer0
    ip route 10.0.1.0 255.255.255.0 192.168.44.4 2 permanent
    !
    !
    ip http server
    ip http access-class 2
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 600 life 86400 requests 10000
    ip nat inside source list 1 interface Dialer0 overload
    ip nat inside source static tcp 192.168.44.4 1723 interface Dialer0 1723
    ip nat inside source static tcp 192.168.44.3 873 interface Dialer0 873
    ip nat inside source static tcp 192.168.44.3 2401 interface Dialer0 2401
    ip nat inside source static tcp 192.168.44.3 22 interface Dialer0 22
    ip nat inside source static tcp 192.168.44.3 25 interface Dialer0 25
    ip nat inside source static tcp 192.168.44.3 80 interface Dialer0 80
    ip nat inside source static tcp 192.168.44.7 53 interface Dialer0 53
    ip nat inside source static udp 192.168.44.7 53 interface Dialer0 53
    !
    logging trap debugging
    access-list 1 remark INSIDE_IF=Vlan1
    access-list 1 remark SDM_ACL Category=2
    access-list 1 permit 192.168.44.0 0.0.0.255
    access-list 2 remark HTTP Access-class list
    access-list 2 remark SDM_ACL Category=1
    access-list 2 permit 192.168.44.0 0.0.0.255
    access-list 2 deny any
    access-list 100 remark auto generated by SDM firewall configuration
    access-list 100 remark SDM_ACL Category=1
    access-list 100 deny ip host 255.255.255.255 any
    access-list 100 deny ip 127.0.0.0 0.255.255.255 any
    access-list 100 permit ip any any
    access-list 101 remark auto generated by SDM firewall configuration
    access-list 101 remark SDM_ACL Category=1
    access-list 101 deny ip 10.0.0.0 0.255.255.255 any
    access-list 101 deny ip 172.16.0.0 0.15.255.255 any
    access-list 101 deny ip 192.168.0.0 0.0.255.255 any
    access-list 101 deny ip 127.0.0.0 0.255.255.255 any
    access-list 101 deny ip host 255.255.255.255 any
    access-list 101 deny ip 192.168.44.0 0.0.0.255 any
    access-list 101 deny ip host 0.0.0.0 any
    access-list 101 permit 41 any any
    access-list 101 permit gre any any
    access-list 101 permit tcp any any eq 1723
    access-list 101 permit tcp any any eq 873
    access-list 101 permit tcp any any eq 2401
    access-list 101 permit tcp any any eq 22
    access-list 101 permit udp any any eq domain
    access-list 101 permit tcp any any eq domain
    access-list 101 permit tcp any any eq smtp
    access-list 101 permit tcp any any eq www
    access-list 101 remark Auto generated by SDM for NTP (123) ntp2.mcc.ac.uk
    access-list 101 permit udp host 130.88.200.6 eq ntp any eq ntp
    access-list 101 remark Auto generated by SDM for NTP (123) ntp1.mcc.ac.uk
    access-list 101 permit udp host 130.88.200.98 eq ntp any eq ntp
    access-list 101 permit icmp any any echo
    access-list 101 permit icmp any any echo-reply
    access-list 101 permit icmp any any time-exceeded
    access-list 101 permit icmp any any unreachable
    access-list 101 deny tcp any any eq 135
    access-list 101 deny tcp any any eq 139
    access-list 101 deny tcp any any eq 445
    access-list 101 deny ip any any log
    access-list 102 remark VTY Access-class list
    access-list 102 remark SDM_ACL Category=1
    access-list 102 permit ip 192.168.44.0 0.0.0.255 any
    access-list 102 deny ip any any
    access-list 199 permit 41 any any
    access-list 199 deny ip any any
    dialer-list 1 protocol ip permit
    no cdp run
    ipv6 route ::/0 Tunnel0
    !
    !
    control-plane
    !
    banner login ^CAuthorized access only!
    Disconnect IMMEDIATELY if you are not an authorized user!^C
    !
    line con 0
    login authentication local_authen
    no modem enable
    transport output telnet
    line aux 0
    login authentication local_authen
    transport output telnet
    line vty 0 4
    access-class 102 in
    password xxxx
    authorization exec local_author
    login authentication local_authen
    transport input ssh
    !
    scheduler max-task-time 5000
    scheduler allocate 4000 1000
    scheduler interval 500
    no process cpu extended
    no process cpu autoprofile hog
    ntp clock-period 17174925
    ntp server 130.88.200.98 source Dialer0
    ntp server 192.168.44.7 source Vlan1 prefer
    ntp server 130.88.200.6 source Dialer0
    end
     
    Tony Hoyle, Dec 8, 2005
    #4
  5. Tony Hoyle

    Tony Hoyle Guest

    Tony Hoyle wrote:

    > Already got that, and a default route (ipv6 route ::/0 Tunnel0).
    >
    >

    The problem is btexact was broke. I set up a tunnel with Hurricane
    Electric in the US and it worked first time... It's a 300ms ping to the
    first hop though..

    Now I have to work out the firewall.. it'd be easier if SDM supported
    ipv6 but that's not likely to happen, so I'll have to get to grips with
    building access lists manually (looks quite hard, as you can't delete
    individual entries or move them).
     
    Tony Hoyle, Dec 8, 2005
    #5
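
The IPv4 access lists and `ip inspect` rules in the posted config only see the outer protocol-41 packets, so once the tunnel is up the IPv6 traffic inside it reaches Vlan1 unfiltered until an IPv6 ACL is attached with `ipv6 traffic-filter`. The following is an added example, not part of the thread: a small Python audit that reads a config in the posted form and reports tunnel and LAN interfaces with no IPv6 filter, and whether the ACL on the tunnel source interface limits protocol 41 to the tunnel destination. The function names and the trimmed sample are constructed for illustration, and the check assumes numbered ACLs written as `permit 41 ...`, as in the post.

```python
import re
# Constructed sample: the IPv6-relevant lines of the running config posted in the thread.
SAMPLE = """\
interface Tunnel0
 ipv6 address 2001:618:400::549:DF28/128
 tunnel source Dialer0
 tunnel destination 213.121.24.85
 tunnel mode ipv6ip
!
interface Vlan1
 ipv6 address 2001:618:400:2EEA::/64 eui-64
!
interface Dialer0
 ip access-group 101 in
!
access-list 101 permit 41 any any
"""

def parse_interfaces(cfg):
    """Map interface name -> sub-commands; a block ends at '!' or a blank line."""
    blocks, cur = {}, None
    for line in (l.strip() for l in cfg.splitlines()):
        if line.startswith("interface "):
            cur = blocks.setdefault(line.split(None, 1)[1], [])
        elif line in ("", "!"):
            cur = None
        elif cur is not None:
            cur.append(line)
    return blocks

def audit(cfg):
    """Return findings (assumption: first-match ordering of ACL entries is not modelled)."""
    findings, ifs = [], parse_interfaces(cfg)
    acl_rules = re.findall(r"^\s*access-list (\d+) (.+)$", cfg, re.M)
    for name, cmds in ifs.items():
        has = lambda prefix: any(c.startswith(prefix) for c in cmds)
        if has("ipv6 address") and not has("ipv6 traffic-filter"):
            findings.append(f"{name}: IPv6 address but no ipv6 traffic-filter")
        if "tunnel mode ipv6ip" not in cmds:
            continue
        src = next((c.split()[-1] for c in cmds if c.startswith("tunnel source ")), None)
        dst = next((c.split()[-1] for c in cmds if c.startswith("tunnel destination ")), None)
        acl = next((c.split()[2] for c in ifs.get(src, [])
                    if re.fullmatch(r"ip access-group \d+ in", c)), None)
        p41 = [r.split() for n, r in acl_rules if n == acl and r.startswith("permit 41 ")]
        if acl and not p41:
            findings.append(f"{name}: ACL {acl} on {src} does not permit protocol 41")
        elif p41 and not any(r[2:4] == ["host", dst] for r in p41):
            findings.append(f"{name}: ACL {acl} on {src} does not restrict protocol 41 to {dst}")
    return findings
```

Calling `audit(SAMPLE)` returns one finding per unfiltered IPv6 interface plus one for the open protocol-41 entry in ACL 101.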