Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

VPN users can't use IPV6

My VPN users are able to access IPV4 resources, but not IPV6, all of my other user who are not VPN users are able to access everything V4 and V6.  Can anyone help me figure out what I have configured wrong?

So my network goes:

IPV4 flow = FIOS > ASA5505(IPV4 Router) > Switch > ipv4 Clients

IPV6 flow = FIOS > ASA5505(IPV4 Router) > switch > win2k8 (IPV6 Router / Tunnel) > ipv6 clients

Here is my current config: https://gist.github.com/3276764                   

Here is my tunnel info:

IPv6 Tunnel Endpoints

Server IPv4 Address:216.66.22.2

Server IPv6 Address:2001:470:7:1044::1/64

Client IPv4 Address:108.18.224.211

Client IPv6 Address:2001:470:7:1044::2/64

Available DNS Resolvers

Anycasted IPv6 Caching Nameserver:2001:470:20::2

Anycasted IPv4 Caching Nameserver:74.82.42.42

Routed IPv6 Prefixes

Routed /64:2001:470:8:1044::/64

Routed /48:

Everyone's tags (6)
1 REPLY

Re: VPN users can't use IPV6

Hi Bro

As you’re aware the Cisco Remote Access VPN doesn't support IPv6. You could refer to this Cisco document http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/vpnrmote.html

under Guidelines and Limitations.

However, in your case, you’re using Cisco AnyConnect. Hence, it is possible to support IPv6 through a Cisco VPN Client connection by using host-based tunnels (dynamic or static). One example of this is to leverage Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) (RFC 5214) on the remote client along with an established Cisco VPN Client connection.

Remember that ISATAP is a host-based tunnel that can provide tunneled IPv6 connectivity between the host and a router, Layer 3 switch, or server. The idea is that after a Cisco VPN Client connection has been made, there should be a routing path between the host and the tunnel endpoint located inside the enterprise network. The Cisco VPN Client enables tunneled traffic through the IPv4 IPsec connection. You could refer to this URL for further details http://what-when-how.com/ipv6-for-enterprise-networks/remote-access-for-ipv6-using-cisco-vpn-client/

Warm regards, Ramraj Sivagnanam Sivajanam Technical Specialist/Service Delivery Manager – Managed Service Department
2207
Views
0
Helpful
1
Replies
CreatePlease to create content