10-22-2013 07:03 PM
I have been setting up l2l VPNs for a customer using ASA 5505s. Recently we needed to set up a system through an ipv6 zone. The customer did not want to run dual stack on the inside so we configured ipv4 l2l with ipv6 peers on the outside. I really thought this would be a simple thing, but it has proven otherwise. Both ASAs can ping each other's ipv6 peer IP. At first I could not even get any ike traffic. The ASA reported it could not determine egress interface for outbound ipv4 traffic. It seemed that it wanted a route (or some trigger) to get the traffic into the tunnel. I added a default ipv4 route to an ipv4 address I set on the outside interface. This actually got the tunnel to come up, but I still could not ping all the way through. I cannot seem to find any examples or anything for doing ipv4 l2l over ipv6 backbone. Any help or example would be greatly appreciated.
Shelby
10-23-2013 02:32 PM
bump.
10-23-2013 03:41 PM
I worked on this more today to no avail. Adding the static outbound routes to the ipv4 ip of the outside interface seemed to do the trick for getting outbound traffic to hit the cryptomap, but it was not hitting the RX map on the other end. I tried to do a static ipv6 route to the link local address of the inside but it gave an error about not allowing route to yourself. Funny that it let me do this for ipv4. Both ASAs show TX packets and zero RX.