Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4616
Views
0
Helpful
2
Replies

Tunneling Between ipv4 networks with ipv6

Go to solution
patrick.peters
Level 1
Level 1

‎06-13-2011 03:46 AM - edited ‎03-01-2019 05:27 PM

I'm thinking about our transition from IPv4 to IPv6. 

Today, we have an IPv4 IPSEC tunnel to each of our customer sites (now over 300 locations).  We have carved a 32-address subnet (a /27) out of the IPv4 10.*.*.* private space for each customer.  Each of our customer sites has an ASA 5505 as their tunnel endpoint and we have a redundant pair of ASA 5520's to terminate the tunnels on our side.  We require our customers to get a static, public address for their 5505 so we can initiate the LAN-to-LAN tunnel from either direction.

Like most people, our initial focus for IPv6 is at the edge.  We already have an IPv6 /48 allocation from ARIN and our ISPs should be IPv6 ready this summer.  Given the upcoming shortage of IPv4 addresses, we're preparing for the day that we ask our customer to get a static, public IP address and the only available choice is IPv6.  To simplify the transition, we'd like to keep using the IPv4 networks at the customer sites for a while and just use IPv6 at the tunnel endpoints.  Does anyone know if the ASA's will support this?  I have seen comments that imply this, but I'd like to be sure while we decide on strategy.

Thanks

Patrick

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Andrew Ossipov
Cisco Employee
Cisco Employee

‎06-14-2011 02:59 PM

Hello Patrick,

In ASA 8.3 and later software, you should be able to terminate an L2L tunnel with IPv6 outside addressing and pass IPv4 traffic through it. Here are the currently supported scenarios:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/vpn_site2site.html#wp1055829

Hope this helps.

Andrew

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Andrew Ossipov
Cisco Employee
Cisco Employee

‎06-14-2011 02:59 PM

Hello Patrick,

In ASA 8.3 and later software, you should be able to terminate an L2L tunnel with IPv6 outside addressing and pass IPv4 traffic through it. Here are the currently supported scenarios:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/vpn_site2site.html#wp1055829

Hope this helps.

Andrew

0 Helpful

Go to solution
patrick.peters
Level 1
Level 1
In response to Andrew Ossipov

‎06-14-2011 06:47 PM

Great.  Thanks for the pointer.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card