I am in the process of setting up an IPv6 Tunnel Broker on a 1811 router I have in my home lab so I can start working with IPv6 and getting access to IPv6-only websites and/or content. I believe that I have the 1811 set up correctly but am having problems getting the Tunnel Broker traffic (which is IPv4 based) to pass through my ASA. I know that I need to allow protocol 41 to come through from the outside but can't seem to find a way to get it to go through.
I am using 8.2.5 firmware on my 5505. I would prefer to not have to upgrade to 8.3 or 8.4 because of the way the NAT rules and some other things change. My ISP only offers me a single IP address. Would prefer not to have to upgrade to business service to get multiple IP addresses. I have been looking for docs on how to do this but so far haven't found anything that points me in the right direction.
Ran a protocol capture and noticed this error in the ASDM log -
3 Jan 18 2012 19:16:20 188.8.131.52 regular translation creation failed for protocol 41 src Inside:192.168.1.100 dst Outside:184.108.40.206
In looking at the rules, it appears that I need an access rule to allow the protocol 41 traffic to go outbound.
Added these lines to the ASA config -
object-group protocol IPV6inIP
access-list inside_access_in line 2 extended permit object-group IPV6inIP any any
Still getting the above error after putting in the config lines just listed. Beginning to suspect that the 8.2.5 binary doesn't support protocol forwarding. I don't see the traffic leaving the ASA, so that would seem to indicate that 8.2.5 can't do protocol forwarding in the NAT rules.
Any suggestions/links appreciated,