Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Site-to-Site 4in6 VPN

I have been setting up l2l VPNs for a customer using ASA 5505s.  Recently we needed to setup a system through an ipv6 zone.  The customer did not want to run dual stack on the inside so we configured ipv4 l2l with ipv6 peers on the outside.  I really thought this would be a simple thing, but it has proven otherwise.  Both ASAs can ping each other's ipv6 peer IP.  At first I could not even get any ike traffic.  The ASA reported it could not determine egress interface for outbound ipv4 traffic.  It seemed that it wanted a route (or some trigger) to get the traffic into the tunnel.  I added a default ipv4 route to an ipv4 address I set on the outside interface.  This actually got the tunnel to come up, but I still could not ping all the way through.  I cannot seem to find any examples or anything for doing ipv4 l2l over ipv6 backbone.  Any help or example would be greatly appreciated.

Shelby

2 REPLIES
New Member

Site-to-Site 4in6 VPN

bump.

New Member

Site-to-Site 4in6 VPN

I worked on this more today to no avail.  Adding the static outbound routes to the ipv4 ip of the outside interface seemed to do the trick for getting outbound traffic to hit the cryptomap, but it was not hitting the RX map on the other end.  I tried to do a static ipv6 route to the link local address of the inside but it gave an error about not allowing route to yourself.  Funny that that it let me do this for ipv4.  Both ASA show TX packets and zero RX.

226
Views
0
Helpful
2
Replies