We followed the instructions on how to enable AnyConnect for IPv6. They seem to be dated since they mention that ASDM does not support IPv6, but it does.
The problem is as follows: when an AnyConnect client connects to the external IPv6 address of the ASA, the ASA does not see that as an SSL VPN connection but drops it.
3 Aug 07 2009 13:54:17 710003 2001:610:b20:b02:21b:63ff:fe01:601c 50756 ochre6-ext 443 TCP access denied by ACL from 2001:610:b20:b02:21b:63ff:fe01:601c/50756 to outside:ochre6-ext/443
It seems as if the SSL VPN option on the interface does not apply to IPv6. Does anyone know how I could enable this for IPv6 SSL VPNs to be accepted?
Also, there is a difference in the way AnyConnect works on VISTA and on OS X.
On OS X the AnyConnect client accepts IPv6 addresses as VPN gateway and tries to establish a native IPv6 SSL VPN. But it does not work because of the problem described above. If an IPv4 VPN is established, the IPv4 client does not get an IPv6 pool address.
On VISTA the AnyConnect client does not seem to accept native IPv6 addresses for the VPN gateway address. However, if an IPv4 tunnel is established, clients get both an IPv4 and an IPv6 pool address.
I am now confused as to what is supposed to work and how. Our goal would be to establish native IPv6 AnyConnect VPNs.
The AnyConnect client allows access to IPv6 resources over a public IPv4 connection (only for Windows XP SP2, Windows Vista, Mac OS X, and Linux). You must use the command line interface to configure IPv6 access. ASDM does not support IPv6. You enable IPv6 access using the ipv6 enable command as part of enabling SSL VPN connections.
Do you know if that's the case for all VPN connections or just AnyConnect connections?
I'm trying to set up a VPN over IPv6 (site to site) between my 5505 and 5520. I think I have everything set up correctly, but the VPN won't start. If I reboot the 5505, it will ping the 5520 via IPv6 when it's back online, but nothing else happens.
I'm seeing the same problem. When I try to access the WebVPN service with a browser I get denies in the logs claiming "TCP access denied by ACL from ..." although "self originated" traffic doesn't go through interface ACLs (well, at least on IPv4). And I'm seeing the same as you on the asp table. No sockets other than management are listening on the IPv6 addresses. Even the "Packet Tracer" claims that access gets denied by an implicit rule, although the interface access list doesn't use implicit rules at all.
Has anybody at Cisco ever tried to run WebVPN over IPv6 on an ASA?
Just got the confirmation. Today ASA/AnyConnect only supports IPv4 for transportation. Within the tunnel there can be IPv6 packets. Forthcoming releases will support also IPv6 as transportation media. But don't know when.
I'm looking for an ASA/AnyConnect IPv6 over IPv4 SSL/DTLS configuration example (command line).
We followed the basic instructions on how to enable IPv6 on the ASA 5500 (SW 8.4.3 ED) and finally assigned an IPv6 pool to an existing Group-Policy. After the VPN connection is established, no IPv6 address is assigned to the AnyConnect client.
Can anyone help?
PS: Please don't ask me for my current configuration. I don't have access to the affected ASA - It's just a try to support a colleague. I need only a working tunnel connection for IPv6 testing to the internet.