
Cisco IPSec VPN Client IPv6 support

Kooopobol
Level 1

Hi,

Does the Cisco IPSec VPN Client support IPv6?

Thanks

8 Replies

Phillip Remaker
Cisco Employee

The classic Cisco VPN client only carries IPv6 over IPSEC if the IPv6 is tunneled inside IPv4.

For native IPv6 transport, look at using the Cisco AnyConnect VPN client.

Thanks for your answer.

And if it is "IPv4 inside IPv6", does it work? I mean: the tunnel is established with IPv6 (client and remote site have an IPv6 public address) but the VPN stays in full IPv4 (internal network): the VPN concentrator's DHCP gives a private IPv4 to the client.

Does the Cisco Anyconnect VPN Client support IPv6 over IPSec?

Armand

The Anyconnect VPN client will not specifically tunnel IPv4 inside IPv6; the client is dual-stack by design. However, if you have add-on software that tunnels the IPv4 inside IPv6, the IPv6 traffic should just be treated as any other IPv6 traffic.

As far as I can tell, the Anyconnect client only tunnels IPv6 inside SSL/DTLS. I don't specifically see an IPv6 over IPSEC option.

Ok, thanks.

So, is the Cisco IPSec VPN Client compatible with the network design I described? That's what I have to know.

Best regards,

Armand

You said "IPv4 inside IPv6." Since the VPN client does not support IPv6, that will not work.

However, if you tunnel the IPv6 inside IPv4 (using, for example, ISATAP) then the VPN client will carry that IPv4 traffic just like any other IPv4 traffic.

Note that using tunneling protocols like ISATAP with the IPv6-capable AnyConnect client produces unpredictable results, since the AnyConnect client does its own IPv6 to IPv4 conversion. I have had mixed results with ISATAP + AnyConnect, and the official message I got from development was "not supported." If you want to run IPv6 over AnyConnect, you are best off using the built-in AnyConnect IPv6 facilities.

Thanks for your answer.

When you say that the Cisco IPSec Client does not support IPv6, do you mean that we can't assign an IPv6 address to the client once the connection is established (by the ASA DHCP pool for example)? Or that we can't establish the tunnel over the IPv6 Internet (both endpoints are IPv6)?

Can someone answer me? (last post)

The IPSEC client can only form tunnels between IPv4 endpoints, and will only transport IPv4 packets inside the tunnel.

If you are using something that will tunnel IPv6 inside IPv4 (ISATAP, 6in4), the IPv6 will be transported but only because it looks like an IPv4 packet at the driver layer.
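The answer above, that 6in4 or ISATAP traffic is carried only because it is an IPv4 packet at the driver layer, can be seen in the packet headers. The following is an added example, not part of the thread and not Cisco code: the `classify` function, the builders and the sample packets are constructed for illustration, and it models an IPv4-only tunnel that accepts any IPv4 packet and rejects native IPv6.

```python
import ipaddress
import struct

PROTO_IPV6_IN_IPV4 = 41  # IANA protocol number used by 6in4 and ISATAP

def classify(packet: bytes) -> dict:
    """Model how an IPv4-only tunnel would treat a raw IP packet."""
    if not packet:
        raise ValueError("empty packet")
    version = packet[0] >> 4
    if version == 6:
        # Native IPv6: the IPv4-only tunnel has no way to carry it.
        return {"carried": False, "outer": "IPv6", "inner": None}
    if version != 4 or len(packet) < 20:
        raise ValueError("not a parsable IP packet")
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = packet[9]
    result = {"carried": True, "outer": "IPv4", "proto": proto, "inner": None}
    payload = packet[ihl:]
    # Protocol 41 with a version-6 payload is IPv6 riding inside IPv4.
    if proto == PROTO_IPV6_IN_IPV4 and len(payload) >= 40 and payload[0] >> 4 == 6:
        result["inner"] = {
            "src": str(ipaddress.IPv6Address(payload[8:24])),
            "dst": str(ipaddress.IPv6Address(payload[24:40])),
        }
    return result

def build_ipv6(src, dst, payload=b""):
    # Version 6, next header 59 (no next header), hop limit 64.
    hdr = struct.pack("!IHBB", 6 << 28, len(payload), 59, 64)
    return hdr + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed + payload

def build_ipv4(src, dst, proto, payload):
    # Checksum left at 0: these are constructed samples, never sent on a wire.
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0)
    return hdr + ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed + payload

# Constructed sample packets using documentation address ranges.
NATIVE_V6 = build_ipv6("2001:db8::1", "2001:db8::2")
SIX_IN_FOUR = build_ipv4("192.0.2.10", "198.51.100.1", PROTO_IPV6_IN_IPV4, NATIVE_V6)
PLAIN_V4 = build_ipv4("192.0.2.10", "198.51.100.1", 17, b"\x00" * 8)

if __name__ == "__main__":
    for name, pkt in [("native IPv6", NATIVE_V6), ("6in4", SIX_IN_FOUR), ("plain IPv4", PLAIN_V4)]:
        print(name, classify(pkt))
```

A filter that looks only at the outer IPv4 header sees protocol 41 and nothing of the inner IPv6 addresses, so IPv6 policy has to be applied where the encapsulation is removed.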
