Re: Dual stack on tunnel interface

The.Sorrow · ‎04-28-2014

Is it possible to run dual stack IP schemes over an ipsec-protected tunnel interface on IOS? I am able to assign the IPv6 addresses like a normal interface on both ends however when i try to ping across the tunnel with IPv6 there is no response. Here is an example of my config:

R1

-----------

interface Tunnel0
description Tunnel to R2
ip address 172.30.1.237 255.255.255.252
ip mtu 1400
ip nat inside
ip virtual-reassembly
load-interval 30
ipv6 address FE80::172:30:1:1 link-local
ipv6 address 2001:1::172:30:1:1/126
keepalive 5 4
tunnel source GigabitEthernet0/1
tunnel mode ipsec ipv4
tunnel destination 1.2.3.4
tunnel protection ipsec profile protect-gre

R2

-----

interface Tunnel0
description Tunnel to R1
ip address 172.30.1.238 255.255.255.252
ip mtu 1400
ip nat inside
ip virtual-reassembly
load-interval 30
ipv6 address 2001:1::172:30:1:2/126
ipv6 address FE80::172:30:1:2 link-local
keepalive 5 4
tunnel source FastEthernet0/1
tunnel destination 1.2.3.5
tunnel mode ipsec ipv4
tunnel protection ipsec profile protect-gre

The only solution i can clearly see is running a separate tunnel, which i would like to avoid. Any assistance is greatly appreciated!

Alexander Simbun · ‎07-31-2018

I have similar problem as well. It seems it is not supported on IOS version 15.x and below. Unless on newer IOS (XE) 16.x.

Can anyone correct me ?

a.alekseev · ‎07-31-2018

> tunnel mode ipsec ipv4

try to use gre

Alexander Simbun · ‎07-31-2018

It may works but I still the IPSEC though ...

a.alekseev · ‎07-31-2018

gre + tunnel protection

Alexander Simbun · ‎08-01-2018

It works. I can ping from both side of the tunnel. But IPv6 OSPF doesn't work through this tunnel even I configured the IPv6 OSPF network point-to-point statement under the tunnel. Any idea to make it work?

a.alekseev · ‎08-01-2018

show the configurations