Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3543
Views
0
Helpful
2
Replies

IPv6 Setup with Firewall - Connecting 2 different networks using Firewall

Go to solution
Jermy Franklin
Level 1
Level 1

‎04-15-2013 01:13 AM - edited ‎03-01-2019 05:40 PM

Hi,

I am trying to setup a small IPv6 lab with a Switch, Firewall & Router. Switch having one LAN segment & Router having one LAN segment between them there is a firewall and after all configurations setup Im tried to reach router LAN(2001:610:2222:2) from Switch LAN(2001:610:1000::3) vice-versa but not able to reach them via ping or mstsc(remote). Here is my setup diagram and I've attached my Switch, Router, Firewall Configuration so can anybody analyse them and help me to connect those different network using a firewall between them. I've attached Firewall connection log also when trying to take remote of Router LAN from Switch LAN.

IPv6 Setup.JPG

Regards,

Jermy Franklin

Labels:
15358400-IPv6_Switch Conf.TXT.zip
51 KB
15358398-IPv6_Router Conf.TXT.zip
15358399-IPv6_firewall Conf.TXT.zip
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Harold Ritter
Cisco Employee
Cisco Employee

‎04-15-2013 06:14 AM

Hi Jermy,

Unlike in ipv4, in ipv6 a static route with only the egress interface should only be used on a point to point interface. This is because ipv4 has concept of proxy arp, which ipv6 doesn't have. For your config to work, you should add the next-hop ipv6 address to your static route as follow:

router:

ipv6 route ::/0 2001:610:1111::2

switch:

ipv6 route ::/0 2001:610:1000::2

Hope this helps

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Harold Ritter
Cisco Employee
Cisco Employee

‎04-15-2013 06:14 AM

Hi Jermy,

Unlike in ipv4, in ipv6 a static route with only the egress interface should only be used on a point to point interface. This is because ipv4 has concept of proxy arp, which ipv6 doesn't have. For your config to work, you should add the next-hop ipv6 address to your static route as follow:

router:

ipv6 route ::/0 2001:610:1111::2

switch:

ipv6 route ::/0 2001:610:1000::2

Hope this helps

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
0 Helpful

Go to solution
Jermy Franklin
Level 1
Level 1

‎04-15-2013 08:08 AM

Hi Ritter,

Thanks Buddy., It is working now

0 Helpful
Customers Also Viewed These Support Documents