We recently got native IPv6 access through our provider, and we're announcing our own /32 behind our own BGP AS. Everything seems to be in order with the access itself, but there are some weird issues with some nodes.
A Cisco 6500 forms the core of the network. The interface which connects to the provider is in VRF x. VRF x also has a linknet to our firewall's (Cisco ASA 5520) outside interface.
The firewall has an interface which forms a linknet towards another interface in the 6500, belonging to VRF y. Finally, VRF y has an interface which acts as a gateway for a couple of servers with IPv6 connectivity.
The config of the VRF y gateway interface is like this (the IPs are just examples):
    vrf forwarding y
    ip address 10.1.10.1 255.255.255.0 secondary
    ip address 172.16.240.161 255.255.255.224
    no ip redirects
    ipv6 address 2100:1cd0:0:10::1/64
    ipv6 nd ra suppress
Now, the problem is like this:
If I ping one of the servers on IPv6 from the internet, I don't get any replies at all.
If I ping one of the servers on IPv6 from Interface VlanXYZ, I get replies.
If I ping one of the servers on IPv6 from the internet AFTER pinging it from Interface VlanXYZ, I get replies, and everything seems to work fine for some time.
What could be the cause of this?
Also, I have IPv6 connectivity on one client LAN. When I ping the servers on IPv6 in VlanXYZ from the client LAN I get replies, and this also seems to enable the outside to connect to the servers. The client LAN is going through the same firewall as traffic from the internet, but goes in through another interface.
The 6500 is running a sup720 with IOS (s72033_rp-ADVIPSERVICESK9_WAN-M), Version 12.2(33)SXH3a.
The ASA 5520 is running 8.0.4.
When I try to syslog from the ASA, I get no messages containing info about IPv6 traffic, only IPv4.