https://community.cisco.com/t5/network-security/vpn-users-can-t-use-ipv6/m-p/1993353#M401164 <HTML><HEAD></HEAD><BODY><P style="text-align: justify;">Hi Bro</P><P style="text-align: justify;">As you’re aware the Cisco Remote Access VPN doesn't support IPv6. You could refer to this Cisco document <A href="http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/vpnrmote.html">http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/vpnrmote.html</A></P><P style="text-align: justify;">under Guidelines and Limitations.</P><P></P><P style="text-align: justify;">However, in your case, you’re using Cisco AnyConnect. Hence, it is possible to support IPv6 through a Cisco VPN Client connection by using host-based tunnels (dynamic or static). One example of this is to leverage Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) (RFC 5214) on the remote client along with an established Cisco VPN Client connection. </P><P></P><P style="text-align: justify;">Remember that ISATAP is a host-based tunnel that can provide tunneled IPv6 connectivity between the host and a router, Layer 3 switch, or server. The idea is that after a Cisco VPN Client connection has been made, there should be a routing path between the host and the tunnel endpoint located inside the enterprise network. The Cisco VPN Client enables tunneled traffic through the IPv4 IPsec connection. You could refer to this URL for further details <A href="http://what-when-how.com/ipv6-for-enterprise-networks/remote-access-for-ipv6-using-cisco-vpn-client/">http://what-when-how.com/ipv6-for-enterprise-networks/remote-access-for-ipv6-using-cisco-vpn-client/</A></P></BODY></HTML> Fri, 17 Aug 2012 04:11:54 GMT Ramraj Sivagnanam Sivajanam 2012-08-17T04:11:54Z https://community.cisco.com/t5/network-security/vpn-users-can-t-use-ipv6/m-p/1993352#M401163 <P>My VPN users are able to access IPV4 resources, but not IPV6, all of my other user who are not VPN users are able to access everything V4 and V6.&nbsp; Can anyone help me figure out what I have configured wrong?</P><P></P><P>So my network goes: </P><P></P><P>IPV4 flow = FIOS &gt; ASA5505(IPV4 Router) &gt; Switch &gt; ipv4 Clients </P><P>IPV6 flow = FIOS &gt; ASA5505(IPV4 Router) &gt; switch &gt; win2k8 (IPV6 Router / Tunnel) &gt; ipv6 clients</P><P></P><P>Here is my current config: <A href="https://gist.github.com/3276764" target="_blank">https://gist.github.com/3276764</A>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P></P><P>Here is my tunnel info:</P><P></P><P>IPv6 Tunnel Endpoints</P><P style="padding: 3px; border: none; font-size: 14px; font-family: arial, sans-serif; color: #222222; background-color: #ffffff;">Server IPv4 Address:216.66.22.2</P><P style="padding: 3px; border: none; font-size: 14px; font-family: arial, sans-serif; color: #222222; background-color: #ffffff;">Server IPv6 Address:2001:470:<STRONG style="font-size: 14px;">7</STRONG>:1044::1/64</P><P style="padding: 3px; border: none; font-size: 14px; font-family: arial, sans-serif; color: #222222; background-color: #ffffff;">Client IPv4 Address:<A href="http://tunnelbroker.net/ipv4_update.php?tid=140115" id="edit_ipv4z" style="color: #222222; font-weight: bold; font-size: 14px;" title="Edit Endpoint" target="_blank">108.18.224.211</A></P><P style="padding: 3px; border: none; font-size: 14px; font-family: arial, sans-serif; color: #222222; background-color: #ffffff;">Client IPv6 Address:2001:470:<STRONG style="font-size: 14px;">7</STRONG>:1044::2/64</P><P style="padding: 3px; margin: 8px 0px 0px; border-style: solid none none; border-top-width: 1px; border-top-color: black; font-size: 14px; font-family: arial, sans-serif; font-weight: bold; color: #222222; background-color: #ffffff;">Available DNS Resolvers</P><P style="padding: 3px; border: none; font-size: 14px; font-family: arial, sans-serif; color: #222222; background-color: #ffffff;">Anycasted IPv6 Caching Nameserver:2001:470:20::2</P><P style="padding: 3px; border: none; font-size: 14px; font-family: arial, sans-serif; color: #222222; background-color: #ffffff;">Anycasted IPv4 Caching Nameserver:74.82.42.42</P><P style="padding: 3px; margin: 8px 0px 0px; border-style: solid none none; border-top-width: 1px; border-top-color: black; font-size: 14px; font-family: arial, sans-serif; font-weight: bold; color: #222222; background-color: #ffffff;">Routed IPv6 Prefixes</P><P style="padding: 3px; border: none; font-size: 14px; font-family: arial, sans-serif; color: #222222; background-color: #ffffff;">Routed /64:2001:470:<STRONG style="font-size: 14px;">8</STRONG>:1044::/64</P><P style="padding: 3px; border: none; font-size: 14px; font-family: arial, sans-serif; color: #222222; background-color: #ffffff;">Routed /48:</P> Mon, 11 Mar 2019 23:38:55 GMT https://community.cisco.com/t5/network-security/vpn-users-can-t-use-ipv6/m-p/1993352#M401163 danbryan80 2019-03-11T23:38:55Z https://community.cisco.com/t5/network-security/vpn-users-can-t-use-ipv6/m-p/1993353#M401164 <HTML><HEAD></HEAD><BODY><P style="text-align: justify;">Hi Bro</P><P style="text-align: justify;">As you’re aware the Cisco Remote Access VPN doesn't support IPv6. You could refer to this Cisco document <A href="http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/vpnrmote.html">http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/vpnrmote.html</A></P><P style="text-align: justify;">under Guidelines and Limitations.</P><P></P><P style="text-align: justify;">However, in your case, you’re using Cisco AnyConnect. Hence, it is possible to support IPv6 through a Cisco VPN Client connection by using host-based tunnels (dynamic or static). One example of this is to leverage Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) (RFC 5214) on the remote client along with an established Cisco VPN Client connection. </P><P></P><P style="text-align: justify;">Remember that ISATAP is a host-based tunnel that can provide tunneled IPv6 connectivity between the host and a router, Layer 3 switch, or server. The idea is that after a Cisco VPN Client connection has been made, there should be a routing path between the host and the tunnel endpoint located inside the enterprise network. The Cisco VPN Client enables tunneled traffic through the IPv4 IPsec connection. You could refer to this URL for further details <A href="http://what-when-how.com/ipv6-for-enterprise-networks/remote-access-for-ipv6-using-cisco-vpn-client/">http://what-when-how.com/ipv6-for-enterprise-networks/remote-access-for-ipv6-using-cisco-vpn-client/</A></P></BODY></HTML> Fri, 17 Aug 2012 04:11:54 GMT https://community.cisco.com/t5/network-security/vpn-users-can-t-use-ipv6/m-p/1993353#M401164 Ramraj Sivagnanam Sivajanam 2012-08-17T04:11:54Z