Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2385
Views
0
Helpful
4
Replies

ASA 5505 IPv6 PPPoE bug ?

ahzgid
Level 1
Level 1

‎06-21-2011 03:01 PM - edited ‎03-11-2019 01:48 PM

I moved my residential PPPoE termination point from a 876 router to an ASA 5505 running version 8.4(1).

Everything is ok beside IPv6...

At IPv4 through IPCP I get the interface address assigned and the relative default-route being set.

At IPv6 nothing happens...

Here is my config:

!

interface Vlan990

nameif outside

security-level 0

pppoe client vpdn group VDSL

ip address pppoe setroute

ipv6 address 2001:xxxx:xxxx:xxxx::1/64

ipv6 address fe80::227:dff:fe0e:27aa link-local

ipv6 address autoconfig

ipv6 enable

ipv6 nd reachable-time 2000

ipv6 nd ns-interval 30000

ipv6 nd dad attempts 3

!

interface Ethernet0/0

switchport access vlan 990

speed 100

duplex full

!

!

ipv6 icmp permit any echo-reply outside

ipv6 icmp permit any neighbor-advertisement outside

ipv6 icmp permit any neighbor-solicitation outside

ipv6 icmp permit any router-advertisement outside

ipv6 icmp permit any echo outside

ipv6 icmp permit any time-exceeded outside

ipv6 icmp permit any unreachable outside

!

...

!

vpdn group VDSL request dialout pppoe

vpdn group VDSL localname xxxx

vpdn group VDSL ppp authentication chap

vpdn username VDSL password xxxx store-local

!

The equivalent configuration on the 876 router work just fine.

Am I missing something or is this a bug ?

All ideas are welcome :-)

Dan

Labels:
0 Helpful
4 Replies 4

christempleton
Level 1
Level 1

‎06-25-2011 01:56 AM

I would also like an answer to this question as I (and another friend) have the very same issue.

following statements relate to ** IPv6 only **

We can ping from the ASA to a device on the local lan but we get nothing from the outside interface and all attempts to send things out get nowhere.  Our ISP have taken TCPDUMP's on the line to us and they see IPv6 packets being sent down but a TCPDUMP on the ASA (at the same time) shows NOTHING.

From what I can tell the static route isn't right on the ASA 5505 - you should be able to set a static to the interface rather than a next hop (as you can on IOS) because there is no next-hop within our ISP (and I suspect most others)

0 Helpful

ahzgid
Level 1
Level 1
In response to christempleton

‎06-25-2011 06:43 AM

Routing to an interface on IPv6 is not a good idea (due to the nature of the protocol).

You could use a route to the next-hop but usually ISPs tend to use link-local on virtual interfaces at the DSLAM side and those interfaces have the tendence to renumber when they apply a new config.

A consultant I know told me that as far as he knows the ASA doesn't support IPv6 over PPPoE at all.

The confusing part is that even when you enable PPPoE on the outside interface you're still allowed to configure IPv6 !

0 Helpful

shaskew-ibahn
Level 1
Level 1

‎10-20-2011 01:49 PM

I am seeing exactly the same behaviour - did you resolve your issue in the end, or is it an outstanding bug?

Thanks!

Steve

0 Helpful

ahzgid
Level 1
Level 1
In response to shaskew-ibahn

‎03-30-2013 07:22 PM

My workaroud for this is to use the 876 as PPPoE termination point in front of the ASA and route traffic.

IPv6 is simply routed between the ISP and the Outside (Static Addressing) interface of the ASA.

For IPv4 I use NAT both on the 876 and the ASA, with a 1:1 mapping between Publics and RFC1918 on the 876.

This allows me to keep the NAT management on the ASA.

It's a pity that the ASA is still not able to fulfill the IPv6 requirements for PPPoE...

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card