04-28-2014 01:03 PM - edited 03-04-2019 10:52 PM
Is it possible to run dual stack IP schemes over an ipsec-protected tunnel interface on IOS? I am able to assign the IPv6 addresses like a normal interface on both ends however when i try to ping across the tunnel with IPv6 there is no response. Here is an example of my config:
R1
-----------
interface Tunnel0
description Tunnel to R2
ip address 172.30.1.237 255.255.255.252
ip mtu 1400
ip nat inside
ip virtual-reassembly
load-interval 30
ipv6 address FE80::172:30:1:1 link-local
ipv6 address 2001:1::172:30:1:1/126
keepalive 5 4
tunnel source GigabitEthernet0/1
tunnel mode ipsec ipv4
tunnel destination 1.2.3.4
tunnel protection ipsec profile protect-gre
R2
-----
interface Tunnel0
description Tunnel to R1
ip address 172.30.1.238 255.255.255.252
ip mtu 1400
ip nat inside
ip virtual-reassembly
load-interval 30
ipv6 address 2001:1::172:30:1:2/126
ipv6 address FE80::172:30:1:2 link-local
keepalive 5 4
tunnel source FastEthernet0/1
tunnel destination 1.2.3.5
tunnel mode ipsec ipv4
tunnel protection ipsec profile protect-gre
The only solution i can clearly see is running a separate tunnel, which i would like to avoid. Any assistance is greatly appreciated!
07-31-2018 02:09 AM
07-31-2018 03:54 AM - edited 07-31-2018 03:57 AM
> tunnel mode ipsec ipv4
try to use gre
07-31-2018 08:00 PM
It may works but I still the IPSEC though ...
07-31-2018 10:17 PM
gre + tunnel protection
08-01-2018 12:52 AM
08-01-2018 01:32 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide