We recently got native IPv6 access through our provider, and we're announcing our own /32 behind our own BGP AS. Everything seems to be in order with the access itself, but there are some weird issues with some nodes.
A Cisco 6500 forms the core of the network. The interface which connects to the provider is in VRF x. VRF x also has a linknet to our firewall's (Cisco ASA 5520) outside interface.
The firewall has an interface which forms a linknet towards another interface in the 6500, belonging to VRF y. Finally, VRF y has an interface which acts as a gateway for a couple of servers with IPv6 connectivity.
The config of the VRF y gateway interface is like this (the IPs are just examples):
interface VlanXYZ
 vrf forwarding y
 ip address 10.1.10.1 255.255.255.0 secondary
 ip address 172.16.240.161 255.255.255.224
 no ip redirects
 ipv6 address 2100:1cd0:0:10::1/64
 ipv6 nd ra suppress
Now, the problem is like this:
If I ping one of the servers on IPv6 from the internet, I don't get any replies at all.
If I ping one of the servers on IPv6 from Interface VlanXYZ, I get replies.
If I ping one of the servers on IPv6 from the internet AFTER pinging it from Interface VlanXYZ, I get replies, and everything seems to work fine for some time.
What could be the cause of this?
Also, I have IPv6 connectivity on one client LAN. When I ping the servers on IPv6 in VlanXYZ from the client LAN I get replies, and this also seems to enable the outside to connect to the servers. The client LAN is going through the same firewall as traffic from the internet, but goes in through another interface.
The 6500 is running a sup720 with IOS (s72033_rp-ADVIPSERVICESK9_WAN-M), Version 12.2(33)SXH3a.
The ASA 5520 is running 8.0.4.
When I try to syslog from the ASA, I get no messages containing info about IPv6 traffic, only IPv4.