03-02-2011 11:14 AM - edited 03-01-2019 05:25 PM
Hi networkers,
Simple question maybe, but I need some help with this one.
I've got an IPv4 network on which I will now implement IPv6 (dual-stack) on a couple of subnets, to try it out and to learn more about IPv6.
Okay, subnet A and subnet B are now dual-stack subnets. Between those subnets I've got a Cisco firewall, an ASA5550. I've placed a PC (Windows Vista with the Windows firewall off) in each subnet with a static IPv4 and a static IPv6 address. So far so good.
Subnet A IPv6 address is: FEC0:0:0:1001::1/64
Subnet B IPv6 address is: FEC0:0:0:1003::1/64
IPv4 ping works fine between the PCs in subnet A and B. But IPv6 ping doesn't work. I have configured IPv6 ACLs to permit ip, icmp6 and icmp6/echo-reply between subnet A and subnet B. The problem is still there :-(
The ASA5550 is running software version 8.4(1) with ASDM 6.4(1).
What have I forgotten?
BR
Tom
03-18-2011 03:24 AM
Tom,
Packet tracer would be the first place to start - maybe it gives a hint right away.
If that does not give a quick win - then as Bruce mentioned: split the problem into its parts:
if you have a topology:
A -- [cloud A]---- ASA ---- [cloud B] -- B
Then if you can not ping from A to B, then either the echo request gets dropped by something on the way A->B,
or the echo reply gets dropped by something on the way B->A. (NB: I am not discounting anything, including the clouds
or even hosts themselves, as candidates to drop the packets, to avoid jumping to conclusions)
Various packet captures will allow you to probe different points and verify whether the packet is there or not, and narrow down the place where the packets are dropped.
cheers,
andrew
03-02-2011 11:48 AM
Site Local addresses have been deprecated by IANA.
If the intention is to use something analogous to RFC1918, use Unique Local Addresses (FC00::/7), as defined by RFC4193.
http://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xml
I don't think this would be a problem for ASA, but just want to make sure you start your experiments in the right direction.
If you are using Modular Policy Framework, be sure to use the match any command to match IPv6 traffic.
Cheers, Gustavo
03-02-2011 12:04 PM
Hi Gustavo,
So these Site-Local addresses have been deprecated by IANA? I got the IPv6 addresses I've used so far from the Cisco IPv6 book, an old one, so that is probably why. But are the "old" site-local IPv6 addresses the whole reason why I can't ping between the PCs?
I will then change the IPv6 address space. I haven't been doing a lot of work so far, so thanks for enlightening me.
BR
-Tom.
03-02-2011 12:10 PM
Tom, I didn't mean that the Site Local Address is the problem for your setup.
As you are running an experiment, I just wanted to make sure you were in the right direction from start.
I don't believe this is what is causing the problem.
Did you enable ipv6 unicast-routing on ASA?
Can you paste a sanitized version of your ASA config file?
Cheers, Gustavo
03-02-2011 12:29 PM
Hi Gustavo,
No, it's okay, I understand you and I shall change the IP address range. It would be unwise not to.
That command, ipv6 unicast-routing, I can see that command if I try to enable it. If I'm running conf t, ipv6 ? I can't see that command. Isn't it on by default on the ASA running ASA 8.4(1)?
I'll get back to you tomorrow regarding the ASA config. It's getting late here :-) Thanks again.
03-02-2011 11:54 AM
Silly question....did you enable IPv6 on the ASA interfaces and assign IPv6 addresses? Have you run a packet capture to see what is happening? Can you ping the workstations from the ASA?
03-02-2011 12:21 PM
Hi Bruce,
When it comes to IPv6 there is no such thing as a silly question, right ;-)
To answer your question, yes, I have enabled IPv6 on the two ASA interfaces and yes, I can ping them both from the ASA. I can also ping both PCs from the ASA, but I can't ping between the PCs using icmp6 :-(
I haven't run a packet capture, I haven't used that feature on the ASA so far, but maybe now is the time (or tomorrow, it's getting kind of late now).
I'll set up a packet capture first thing in the morning. I'll get back to you on this tomorrow.
Cheers,
03-04-2011 11:22 AM
Do the PCs have an IPv6 route configured (or learned)?
Command line:
route print
or
netsh inter ipv6 show route
Each will need a default or direct route pointing through the ASA to get to the remote subnet.
03-19-2011 06:01 PM
To recap:
Subnet A IPv6 address is: FEC0:0:0:1001::1/64
Subnet B IPv6 address is: FEC0:0:0:1003::1/64
Neither of the PCs below has an interface on FEC0:0:0:1003::1/64. They are both on FEC0:0:0:1001::1/64.
Test-pc1
CMD Route print
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 266 ::/0 fe80::1
1 306 ::1/128 On-link
10 266 fe80::/64 On-link
10 266 fe80::b8b3:255e:dbce:dbbb/128 On-link
10 18 fec0:0:0:1001::/64 On-link
10 266 fec0::1001:b8b3:255e:dbce:dbbb/128 On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
Test-PC2
IP address via DHCPv6
CMD route print
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 266 fe80::/64 On-link
11 266 fe80::1172:a558:86ac:6f3/128 On-link
11 266 fec0::1001:542b:699:3b6d:9a21/128 On-link
1 306 ff00::/8 On-link
11 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
03-21-2011 05:03 AM
Hi Phillip,
Sorry, but that's correct, I was trying to solve a problem in the fec0:0:0:1001::1/64 net. Because of that both PCs were placed in this 1001 net.
But I'm trying to get my two PCs to receive IPv6 addresses via DHCP (Win2008 server) and I have to tweak them via netsh commands. Shouldn't a Win7 PC be able to receive an IPv6 DHCP address without tweaking?
Sent from Cisco Technical Support iPhone App
03-13-2011 05:23 PM
You need to explicitly permit ICMPv6 through the firewall. Not only echo replies, but path MTU ICMPv6 messages are also a good idea to let through.
Sent from Cisco Technical Support iPhone App
03-18-2011 07:19 AM
Hi Keith,
Hmm, I can't seem to find path MTU as an icmp6 option among the different Services when editing the ACLv6 list. Right now I have allowed icmp6 and echo-reply6 in the ACLv6. I'm configuring the ASA via ASDM, not the CLI.
BR
Tom
03-18-2011 08:37 AM
Hi, Tom:
I haven't used ASDM to configure IPv6 on the ASA, but the command line option would be "ipv6 access-list permit-icmpv6 permit icmp any any packet-too-big". Here are the other ICMP types allowed in an ACL configuration on an ASA:
configure mode commands/options:
<0-255> Enter ICMP type number (0 - 255)
echo
echo-reply
inactive Keyword for disabling an ACL element
log Keyword for enabling log option on this ACL element
membership-query
membership-reduction
membership-report
neighbor-advertisement
neighbor-redirect
neighbor-solicitation
packet-too-big
parameter-problem
router-advertisement
router-renumbering
router-solicitation
time-exceeded
time-range Keyword for attaching time-range option to this ACL element
unreachable
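Pulling the thread's advice together (Wen's ACL types above and Andrew's capture-at-each-point method earlier), here is an added ASA 8.4 CLI fragment that is not from any poster: it permits the ICMPv6 types ping and path-MTU discovery need in both directions, and sets up captures so a missing echo reply can be located. The interface names inside/outside are assumed; the prefixes are the ones from the thread, and the icmp6 protocol keyword is what the ipv6 access-list command takes on 8.x.

```text
! Added example (not from the thread). Interface nameifs "inside" (subnet A)
! and "outside" (subnet B) are assumed; prefixes are the thread's site-local
! ones, which Gustavo recommends replacing with ULA space (FC00::/7).
!
! Without ICMP inspection the ASA does not track echo/echo-reply as a flow,
! so the reply direction must be permitted on its own ingress interface.
ipv6 access-list A-TO-B permit icmp6 fec0:0:0:1001::/64 fec0:0:0:1003::/64 echo
ipv6 access-list A-TO-B permit icmp6 fec0:0:0:1001::/64 fec0:0:0:1003::/64 echo-reply
! Path-MTU and error signalling: dropping these breaks large transfers silently.
ipv6 access-list A-TO-B permit icmp6 any any packet-too-big
ipv6 access-list A-TO-B permit icmp6 any any time-exceeded
ipv6 access-list A-TO-B permit icmp6 any any parameter-problem
ipv6 access-list A-TO-B permit icmp6 any any unreachable
!
ipv6 access-list B-TO-A permit icmp6 fec0:0:0:1003::/64 fec0:0:0:1001::/64 echo
ipv6 access-list B-TO-A permit icmp6 fec0:0:0:1003::/64 fec0:0:0:1001::/64 echo-reply
ipv6 access-list B-TO-A permit icmp6 any any packet-too-big
ipv6 access-list B-TO-A permit icmp6 any any time-exceeded
ipv6 access-list B-TO-A permit icmp6 any any parameter-problem
ipv6 access-list B-TO-A permit icmp6 any any unreachable
!
access-group A-TO-B in interface inside
access-group B-TO-A in interface outside
!
! Verification, following the "probe each point" approach: capture IPv6
! frames on both interfaces, ping from the PC, then compare. An echo
! request seen on inside but never on outside is dropped by the ASA;
! a request on outside with no reply means the far host or cloud B.
capture CAP-IN  interface inside  ethernet-type ipv6
capture CAP-OUT interface outside ethernet-type ipv6
show capture CAP-IN
show capture CAP-OUT
show ipv6 access-list
show asp drop
no capture CAP-IN
no capture CAP-OUT
```

The ACL hit counters from show ipv6 access-list and the drop reasons from show asp drop tell you whether the ASA, rather than a host firewall or a missing route on the PC, is the drop point.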
03-21-2011 04:45 AM
Hi Wen, thanks for your help, I have now configured it via ASDM. Great, thanks for your help.
BR
Tom
Sent from Cisco Technical Support iPhone App