Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1839
Views
0
Helpful
6
Replies

Cisco protocol=41 forwarding

diondohmen
Level 1
Level 1

‎12-07-2006 10:39 AM - edited ‎03-03-2019 02:57 PM

Dear community,

I am trying to set up a 6to4 tunnel on one of my local hosts. I have set up all required ipv6 addresses and default gw's. When I initiate a traceroute from a traceroute6 tool at SixXs, to my own IPv6 address, i am receiving the following entries in my "debug ip packet detail" screen:

*Nov 11 03:57:59: IP: s=TUNNELBROKERIPv4(FastEthernet4), d=MYIPv4(FastEthernet4), len 124, rcvd 3, proto=41

*Nov 11 03:57:59: IP: s=TUNNELBROKERIPv4 (FastEthernet4), d=MYIPv4, len 124, unknown protocol, proto=41

I have added the following entry to allow ipv6 in ipv4 packets:

"permit 41 any any"

My question is how come the router does not recognize the proto=41 but does allow me to configure a permit entry for ipv6 in ipv4 packets?

*Nov 11 03:58:35: %SEC-6-IPACCESSLOGNP: list WAN-IN permitted 41 213.121.24.x -> MyIPv4, 35 packets

Does anyone know how i can forward these communications to my inside host?

Thanks in advance,

Greetings

Labels:
0 Helpful
6 Replies 6

mark.edwards
Level 1
Level 1

‎12-08-2006 12:44 AM

Is your tunnel configured as "tunnel mode ipv6ip 6to4" ?

If yes then can you supply some configs?

0 Helpful

diondohmen
Level 1
Level 1
In response to mark.edwards

‎12-08-2006 01:03 AM

Hi mark,

Well the thing is, my tunnel endpoint is configured on my local linux host. See the following figure:

------- linux host 2.6 (ip tunnel mode sit) ----->>>---- cisco 2924 ----->>>--- cisco 851 (nat, permit 41 any) --->> inet cloud

But the cisco 851 does not seem to know how to handle the replies coming from the ipv6 tunnel broker back to my tunnel endpoint (the linux host). Maybe someone knows how i can forward these "unknown protocol" packets to the linux box.

Greets

0 Helpful

mark.edwards
Level 1
Level 1
In response to diondohmen

‎12-08-2006 01:16 AM

can you supply the config of the Cisco851 (I'm assuming this is where the packets are being dropped)?

0 Helpful

diondohmen
Level 1
Level 1
In response to mark.edwards

‎12-08-2006 01:26 AM

that's right, they are dropped at the Cisco 851's site. I am not at home right now, but i will supply you the config as soon as i am home.

Btw, I have also already mailed cisco support, why the 851 seems not to support ipv6 commands. I have bought this model especially because the product page described it should support all of the main ipv6 features. Apparently it does not, because the 850 only supports the advsecurity IOS instead of the advancedIP suite, which includes the IPv6 suite.

0 Helpful

diondohmen
Level 1
Level 1
In response to mark.edwards

‎12-08-2006 09:03 AM

mark,

there you go:

see attachment

greetings

Preview file
5 KB
0 Helpful

mark.edwards
Level 1
Level 1
In response to diondohmen

‎12-08-2006 01:07 PM

Can you confirm if traffic is being permitted outbound as the IP Inspect only allows TCP/UDP and ICMP.

My other concern is the NAT. IPV6 6to4 tunnels map the IPV6 destination address to a IPV4 address for transporting the traffic through the IPV4 network. If the IPV4 address is NATted this effectivley breakes the mapping between IPV4 and IPV6.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card