Cisco 1921 Router, Internet client acces works only with ipv4 - Page 3

macgyver1988 · ‎10-03-2016

Hi,

theres an Cisco 1921er Router within an SEC Lic. My Provider does DUALSTACK on WAN (ipv4 and ipv6).

My Problem: Clients on GigabitEthernet0/1 can only via ipv4 on the Internet,by enable IPV6 it will not works

when disable ipv4 and actiate ipv6 on the client( e.g. like an MAC OS X PC) , then only google.de works....

maybe i may something wrong? Can someone help me please?

<code>

Cisco1921#show running-config
Building configuration...

Current configuration : 6950 bytes
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime localtime
service password-encryption
!
hostname Cisco1921
!
boot-start-marker
boot-end-marker
!
!
security authentication failure rate 3 log
security passwords min-length 10
enable secret 5 $1$LhN7$kX2KVBkrnJKrKopjJiE/o/
!
no aaa new-model
clock timezone CET 1 0
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
!
!
!
!
!
!
!
!
!
!
!
ip dhcp binding cleanup interval 600
ip dhcp excluded-address 192.168.50.170 192.168.50.254
ip dhcp excluded-address 192.168.50.1 192.168.50.153
!
ip dhcp pool Internal Network
network 192.168.50.0 255.255.255.0
domain-name soho.intern
default-router 192.168.50.2
dns-server 192.168.50.2
!
!
!
ip domain name soho.intern
ip name-server 212.18.0.5
ip name-server 212.18.3.5
ip name-server 2001:A60::53:1
ip name-server 2001:A60::53:2
ip inspect name Firewall udp
ip inspect name Firewall sip
ip inspect name Firewall rtsp
ip inspect name Firewall ftp
ip inspect name Firewall icmp
ip inspect name Firewall pptp
ip inspect name Firewall tcp
ip inspect name Firewall https
ip inspect name Firewall pop3s
ip inspect name Firewall smtp
ip inspect name Firewall imaps
ip cef
ipv6 unicast-routing
ipv6 dhcp pool NODE-DHCPV6
dns-server 2001:A60::53:1
dns-server 2001:A60::53:2
domain-name soho.intern
!
ipv6 inspect name inspectv6 tcp
ipv6 inspect name inspectv6 udp
ipv6 inspect name inspectv6 icmp
ipv6 inspect name inspectv6 ftp
ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
crypto pki trustpoint TP-self-signed-3541750139
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3541750139
revocation-check none
rsakeypair TP-self-signed-3541750139
!
!
crypto pki certificate chain TP-self-signed-3541750139
certificate self-signed 01
XXXXXXX
6BCD837F 3B77ED7C E35EB8E4 506E08
        quit
license udi pid CISCO1921/K9 sn FXXXXX
!
!
username user4754 password 7 XXXXXXXXXX
!
redundancy
!
!
!
!
!
controller VDSL 0/1/0
firmware filename flash:VA_A_39m_B_38u_24h.bin
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
description NETWORK INTERN
ip address 192.168.50.2 255.255.255.0
ip access-group 111 out
ip accounting output-packets
ip accounting access-violations
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
duplex auto
speed auto
ipv6 address NODE-PD ::1:0:0:0:1/64
ipv6 enable
ipv6 nd other-config-flag
ipv6 dhcp server NODE-DHCPV6 rapid-commit preference 1 allow-hint
ipv6 verify unicast reverse-path
ipv6 inspect inspectv6 out
no mop enabled
!
interface ATM0/1/0
no ip address
no atm ilmi-keepalive
!
interface ATM0/1/0.1 point-to-point
pvc 1/32
bridge-dot1q encap 40
pppoe-client dial-pool-number 1
!
!
interface Ethernet0/1/0
no ip address
no ip route-cache
!
interface Ethernet0/1/0.40
encapsulation dot1Q 40
no ip route-cache
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/0/0
description NETWORK VOIP
no ip address
!
interface GigabitEthernet0/0/1
no ip address
!
interface GigabitEthernet0/0/2
no ip address
!
interface GigabitEthernet0/0/3
no ip address
!
interface Vlan1
no ip address
!
interface Dialer0
description VDSL Einwahl Interface to ISP MNET
mtu 1492
ip address negotiated
ip access-group 111 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect Firewall out
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer idle-timeout 1800 inbound
dialer-group 1
ipv6 address NODE-PD ::FF:0:0:0:1/128
ipv6 enable
ipv6 mtu 1492
ipv6 dhcp client pd NODE-PD rapid-commit
ipv6 verify unicast reverse-path
ipv6 inspect inspectv6 out
ipv6 traffic-filter native-ipv6-Firewall in
no keepalive
ppp authentication pap chap callin
ppp chap hostname XXXXXXXXX@mdsl.mnet-online.de
ppp chap password 7 XXXXXXX
ppp ipcp dns request
ppp ipcp mask request
ppp ipcp route default
no cdp enable
!
ip forward-protocol nd
!
ip http server
ip http secure-server
!
ip dns server
no ip nat service sip udp port 5060
ip nat inside source list 101 interface Dialer0 overload
!
dialer-list 1 protocol ip list 101
ipv6 route ::/0 Dialer0
!
!
access-list 101 permit ip 192.168.50.0 0.0.0.255 any
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq domain any
access-list 111 permit tcp any eq domain any
access-list 111 permit udp any eq ntp any
access-list 111 permit gre any any
access-list 111 permit udp any eq bootps any
access-list 111 permit udp any any eq 546
access-list 111 permit udp any eq 5060 any
access-list 111 deny   ip any any log
!
ipv6 access-list native-ipv6-Firewall
permit icmp any any
permit udp 2001::/56 eq 547 2001::/56
permit udp FE80::/10 eq 547 FE80::/10
permit tcp 2001::/56 eq 547 2001::/56
permit tcp any any established
permit udp any any eq 546
deny ipv6 any any
!
control-plane
!
!
!
line con 0
logging synchronous
login local
transport preferred none
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password 7 XXXXXXXX
login local
transport preferred none
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end

</code>

Annother Commands , maybe helpful?

<code>
Cisco1921#sh ipv6 int brief
Em0/0                  [administratively down/down]
    unassigned
GigabitEthernet0/0     [administratively down/down]
    unassigned
GigabitEthernet0/1     [up/up]
    FE80::669E:F3FF:FE57:B41
    2001:A61:20F8:C401::1
ATM0/1/0               [up/up]
    unassigned
ATM0/1/0.1             [up/up]
    unassigned
Ethernet0/1/0          [down/down]
    unassigned
Ethernet0/1/0.40       [down/down]
    unassigned
GigabitEthernet0/0/0   [down/down]
    unassigned
GigabitEthernet0/0/1   [down/down]
    unassigned
GigabitEthernet0/0/2   [down/down]
    unassigned
GigabitEthernet0/0/3   [down/down]
    unassigned
Dialer0                [up/up]
    FE80::669E:F3FF:FE57:B40
    2001:A61:20F8:C4FF::1
NVI0                   [up/up]
    unassigned
Virtual-Access1        [up/up]
    unassigned
Virtual-Access2        [up/up]
    FE80::669E:F3FF:FE57:B40
Vlan1                  [down/down]
    unassigned
</code>

This are my IPs from the DHCP on Cisco .....

IPV6:Addresse: 2001:a61:20f8:c401:aa20:66ff:fe52:4e84 Prefix 64
IPV6:Addresse: 2001:a61:20f8:78bd:3de2:4de2:aed5:1c82 Prefix 64
Router IPV6___:fe80::669e:f3ff:fe57:b41
DNS :dns-server 2001:A60::53:1 (from ISP)
DNS:dns-server dns-server 2001:A60::53:2 (from ISP)

by checking ipv6 on Clientbrowser like Firefox (howismyipv6.com),, i also may get the following ipv6:
2001:A61:20F8:C401:34DF:A000:EFF4:2015

some more Commands....

<code>
Cisco1921#show ipv6 int
GigabitEthernet0/1 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::669E:F3FF:FE57:B41
No Virtual link-local address(es):
Description: NETWORK INTERN
General-prefix in use for addressing
Global unicast address(es):
    2001:A61:20F8:C401::1, subnet is 2001:A61:20F8:C401::/64 [CAL/PRE]
      valid lifetime 5731 preferred lifetime 2131
Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:2
    FF02::1:FF00:1
    FF02::1:FF57:B41
    FF05::1:3
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
Input features: Common Flow Table Stile classification Common pak subblock Verify Unicast Reverse-Path
Output features: Common Flow Table Stile Classification Firewall Inspection
IPv6 verify source reachable-via rx, allow default
   17 verification drop(s) (process), 0 (CEF)
   0 suppressed verification drop(s) (process), 0 (CEF)
Outbound Inspection Rule inspectv6
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND advertised reachable time is 0 (unspecified)
ND advertised retransmit interval is 0 (unspecified)
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is Medium
Hosts use stateless autoconfig for addresses.
Hosts use DHCP to obtain other configuration.
Dialer0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::669E:F3FF:FE57:B40
No Virtual link-local address(es):
Description: VDSL Einwahl Interface to ISP MNET
General-prefix in use for addressing
Global unicast address(es):
    2001:A61:20F8:C4FF::1, subnet is 2001:A61:20F8:C4FF::1/128 [CAL/PRE]
      valid lifetime 5731 preferred lifetime 2131
Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF00:1
    FF02::1:FF57:B40
MTU is 1492 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
Input features: Common Flow Table Stile classification Dialer i/f override Common pak subblock Access List Verify Unicast Reverse-Path
Output features: Common Flow Table Stile Classification Firewall Inspection
Inbound access list native-ipv6-Firewall
IPv6 verify source reachable-via rx, allow default
   130 verification drop(s) (process), 0 (CEF)
   0 suppressed verification drop(s) (process), 0 (CEF)
Outbound Inspection Rule inspectv6
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND advertised reachable time is 0 (unspecified)
ND advertised retransmit interval is 0 (unspecified)
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is Medium
ND RAs are suppressed (periodic)
Hosts use stateless autoconfig for addresses.
Virtual-Access2 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::669E:F3FF:FE57:B40
No Virtual link-local address(es):
Description: VDSL Einwahl Interface to ISP MNET
No global unicast address is configured
Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF57:B40
MTU is 1492 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
Input features: Dialer i/f override Common pak subblock
Output features: Firewall Inspection Dialer idle reset
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND advertised reachable time is 0 (unspecified)
ND advertised retransmit interval is 0 (unspecified)
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is Medium
ND RAs are suppressed (periodic)
Hosts use stateless autoconfig for addresses.
</code>

<code>
Cisco1921#show ipv6 dhcp pool
DHCPv6 pool: NODE-DHCPV6
DNS server: 2001:A60::53:1
DNS server: 2001:A60::53:2
Domain name: soho.intern
Active clients: 0
</code>

Hmm why is Active Clients:0??? theres only a Cisco connected to the WAN PORT (EHWIC.VA-DSL-B, and GigabitEthernet0/1 ) connected with my MACOSX....., so one Client..

should there also being one? but why ZERO=?????
NACHTRAG:
Some LOGS from Console.....

<code>
*Oct 3 09:53:50: %IPV6_ROUTING-3-RIB: ipv6_is_addr_ours called for link-local address with wrong tableid -Process= "DNS Server", ipl= 0, pid= 433
-Traceback= 22B31DC4z 22B321B8z 22B35E70z 22B35FF8z 210329D0z 210329B4z
*Oct 3 09:54:00: %IPV6_ROUTING-3-RIB: ipv6_is_addr_ours called for link-local address with wrong tableid -Process= "DNS Server", ipl= 0, pid= 433
-Traceback= 22B31DC4z 22B321B8z 22B35E70z 22B35FF8z 210329D0z 210329B4z
*Oct 3 09:54:50: %IPV6_ROUTING-3-RIB: ipv6_is_addr_ours called for link-local address with wrong tableid -Process= "DNS Server", ipl= 0, pid= 433
-Traceback= 22B31DC4z 22B321B8z 22B35E70z 22B35FF8z 210329D0z 210329B4z
*Oct 3 09:54:50: %IPV6_ROUTING-3-RIB: ipv6_is_addr_ours called for link-local address with wrong tableid -Process= "DNS Server", ipl= 0, pid= 433
-Traceback= 22B31DC4z 22B321B8z 22B35E70z 22B35FF8z 210329D0z 210329B4z
*Oct 3 09:54:50: %IPV6_ROUTING-3-RIB: ipv6_is_addr_ours called for link-local address with wrong tableid -Process= "DNS Server", ipl= 0, pid= 433
-Traceback= 22B31DC4z 22B321B8z 22B35E70z 22B35FF8z 210329D0z 210329B4z

</code>

<code>
Cisco1921#show ipv6 route
IPv6 Routing Table - default - 6 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, R - RIP, H - NHRP, I1 - ISIS L1
       I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
       EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination
       NDr - Redirect, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
       OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       a - Application
S   ::/0 [1/0]
     via Dialer0, directly connected
S   2001:A61:20F8:C400::/56 [1/0]
     via Null0, directly connected
C   2001:A61:20F8:C401::/64 [0/0]
     via GigabitEthernet0/1, directly connected
L   2001:A61:20F8:C401::1/128 [0/0]
     via GigabitEthernet0/1, receive
LC 2001:A61:20F8:C4FF::1/128 [0/0]
     via Dialer0, receive
L   FF00::/8 [0/0]
     via Null0, receive

</code>

Thanks

Regards brooks

macgyver1988 · ‎10-10-2016

Thanks for yor answer. I will try it when i am be back from holiday!

Georg Pauwen · ‎10-11-2016

Hello,

happy holiday ! Who is your provider anyway ? Maybe I can find out something from them in the meantime...

macgyver1988 · ‎10-11-2016

My ISP is MNet Germany , contract name: call and surf comfort , privat, Not Business

Georg Pauwen · ‎10-11-2016

Thanks, I'll try and find out...

macgyver1988 · ‎10-12-2016

Hi,

this maybe interesting for you for ?

traceroute6 on mac
</code>
user4754s-iMac:~ user4754$ traceroute6 egun.de
traceroute6 to egun.de (2001:1bc0:af::a1) from 2001:a61:313b:6200:e9d9:3f89:8ee1:39d2, 64 hops max, 12 byte packets
1 2001:a61:313b:6200::1 0.778 ms 0.630 ms 0.481 ms
2 2001:a60::89:301:1 65.229 ms 74.634 ms 249.067 ms
3 2001:a60::69:0:2:2 63.538 ms 64.057 ms 65.555 ms
4 decix1.eurotransit.net 63.550 ms 58.036 ms 63.219 ms
5 www.egun.de ; 58.387 ms 60.543 ms 66.762 ms
</code>

Traceroute von Cisco über GIgabitEThernet0/1

<code>
Cisco1921#traceroute
Protocol [ip]: ipv6
Target IPv6 address: 2001:1BC0:AF::A1
Source address: 2001:A61:313B:6200::1
Insert source routing header? [no]:
Numeric display? [no]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Priority [0]:
Port Number [0]:
Type escape sequence to abort.
Tracing the route to egun.de (2001:1BC0:AF::A1)

1 2001:A60::89:301:1 68 msec 72 msec 68 msec
2 2001:A60::69:0:2:2 60 msec 80 msec 64 msec
3 decix1.eurotransit.net (2001:7F8::73F6:0:1) 68 msec 60 msec 60 msec
4 egun.de (2001:1BC0:AF::A1) 64 msec 64 msec 64 msec
Cisco1921#
</code>

<code>Traceroute von Cisco über Dialer0
Cisco1921#traceroute
Protocol [ip]: ipv6
Target IPv6 address: 2001:1BC0:AF::A1
Source address: 2001:A61:313B:62FF::1
Insert source routing header? [no]:
Numeric display? [no]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Priority [0]:
Port Number [0]:
Type escape sequence to abort.
Tracing the route to egun.de (2001:1BC0:AF::A1)

1 2001:A60::89:301:1 72 msec 52 msec 256 msec
2 2001:A60::69:0:2:2 56 msec 140 msec 64 msec
3 decix1.eurotransit.net (2001:7F8::73F6:0:1) 60 msec 68 msec 64 msec
4 egun.de (2001:1BC0:AF::A1) 52 msec 60 msec 56 msec
Cisco1921#
</code>

<code>
Cisco1921#sh ipv6 int brief
Em0/0                  [administratively down/down]
    unassigned
GigabitEthernet0/0     [administratively down/down]
    unassigned
GigabitEthernet0/1     [up/up]
    FE80::669E:F3FF:FE57:B41
    2001:A61:313B:6200::1
    FD00:1234:5678::1
    FD00:8765:4321::1
ATM0/1/0               [up/up]
    unassigned
ATM0/1/0.1             [up/up]
    unassigned
Ethernet0/1/0          [down/down]
    unassigned
Ethernet0/1/0.40       [down/down]
    unassigned
GigabitEthernet0/0/0   [down/down]
    unassigned
GigabitEthernet0/0/1   [down/down]
    unassigned
GigabitEthernet0/0/2   [down/down]
    unassigned
GigabitEthernet0/0/3   [down/down]
    unassigned
Dialer0                [up/up]
    FE80::179:1
    2001:A61:313B:62FF::1
NVI0                   [up/up]
    unassigned
Tunnel0                [up/up]
    FE80::669E:F3FF:FE57:B40
    unnumbered (GigabitEthernet0/1)
Virtual-Access1        [up/up]
    unassigned
Virtual-Access2        [up/up]
    FE80::669E:F3FF:FE57:B40
Vlan1                  [down/down]
    unassigned
Cisco1921#
</code>

<code>
Cisco1921#show ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
Embedded-Service-Engine0/0 unassigned      YES NVRAM administratively down down
GigabitEthernet0/0         unassigned      YES NVRAM administratively down down
GigabitEthernet0/1         192.168.50.2    YES NVRAM up                    up
ATM0/1/0                   unassigned      YES NVRAM up                    up
ATM0/1/0.1                 unassigned      YES unset up                    up
Ethernet0/1/0              unassigned      YES NVRAM down                  down
Ethernet0/1/0.40           unassigned      YES unset down                  down
GigabitEthernet0/0/0       unassigned      YES unset down                  down
GigabitEthernet0/0/1       unassigned      YES unset down                  down
GigabitEthernet0/0/2       unassigned      YES unset down                  down
GigabitEthernet0/0/3       unassigned      YES unset down                  down
Dialer0                    1XX.XXX.81.180 YES IPCP   up                    up (ÖFFENTLICHE IPV4)
NVI0                       192.168.50.2    YES unset up                    up
Tunnel0                    unassigned      YES unset up                    up
Virtual-Access1            unassigned      YES unset up                    up
Virtual-Access2            unassigned      YES unset up                    up
Vlan1                      unassigned      YES unset down                  down
Cisco1921#

</code>
Why is Ethernet0/1/0.40 down?

macgyver1988 · ‎10-12-2016

and no with dhcp i wont get a dhcp address with or without rapid-commit

Georg Pauwen · ‎10-12-2016

Hello,

I am currently looking at the discussion forum from M-Net you mentioned, there seem to be a few mandatory configurations that you need. I will get back with you.

Hope you had a good holiday...

macgyver1988 · ‎10-12-2016

Thanks!!!, holidays were nice, but too shotly :) .

i already posted in the other forum of administrator, yo can see therefore traceroute and ping from a mac client through the cisco. I also get a ip address on Dialer0, but i don't undestood , why it dont will works with websites.

Georg Pauwen · ‎10-13-2016

Hello,

I am starting to think that the problem might be with IPv6 name resolution.

Can you try and type the URL below into your browser ?

http://test-ipv6.com/

macgyver1988 · ‎10-13-2016

Hi,

On this side i may get 10 / 10 Points...

macgyver1988 · ‎11-30-2016

Hi Gpauwen,

sorry for standing by here.....after therefore i was very frustrated about Cisco...

So lets start again :D

i am also playing since nine hours and i think i found the anser.....just in those moment....

Still adding one ****** Line on:

GigabitEthernet0/1 (this is my internal LAN)

-------------------------------------

ipv6 traffic-filter WAN_OUTSIDE_INv6 in

-----------------------------------------------------------------------------------------------

Now all seems fine..it works great.....but

Can you please Check those Config ???ACL

ip dns server
no ip nat service sip udp port 5060
ip nat inside source list 101 interface Dialer0 overload
!
dialer-list 1 protocol ipv6 permit
ipv6 route ::/0 Dialer0
!
!
access-list 101 permit ip 192.168.50.0 0.0.0.255 any
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq domain any
access-list 111 permit tcp any eq domain any
access-list 111 permit udp any eq ntp any
access-list 111 permit gre any any
access-list 111 permit udp any eq bootps any
access-list 111 permit udp any any eq 546
access-list 111 permit udp any eq 5060 any
access-list 111 deny   ip any any log
!
ipv6 access-list WAN_INSIDE_OUTv6
sequence 5 permit ipv6 host 2001:A60::53:1 any
sequence 6 permit ipv6 host 2001:A60::53:2 any
sequence 11 permit icmp any any nd-ns
sequence 12 permit icmp any any nd-na
sequence 15 permit udp any any
sequence 40 permit tcp any any
sequence 100 deny ipv6 any any log
!
ipv6 access-list WAN_OUTSIDE_INv6
sequence 5 permit ipv6 host 2001:A60::53:1 any
sequence 6 permit ipv6 host 2001:A60::53:2 any
sequence 11 permit icmp any any nd-ns
sequence 12 permit icmp any any nd-na
sequence 15 permit udp any any eq domain
sequence 20 permit icmp any any
sequence 40 permit tcp any any established
sequence 45 permit udp any eq ntp any
sequence 50 permit udp FE80::/10 eq 547 FE80::/10
sequence 100 deny ipv6 any any log

Georg Pauwen · ‎11-30-2016

Hello,

so you are getting IPv6 addresses now, both on the WAN and the LAN side ?

What is NOT working ? Can you post the full config ?

Georg Pauwen · ‎11-30-2016

Hello,

I worked on a different IPv6 setup, this is the working config, it is a 2811, but maybe you can compare the access lists to what you have...

! Last configuration change at 17:50:35 UTC Mon Nov 21 2016 by admin
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router2821
!
boot-start-marker
boot system flash c2800nm-adventerprisek9-mz.151-4.M10.bin
boot-end-marker
!
!
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
!
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
!
ip domain name Home
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ipv6 unicast-routing
ipv6 cef
ipv6 cef accounting per-prefix
ipv6 dhcp pool Cox
prefix-delegation pool Cox-ipv6
dns-server 2001:4860:4860::8888
dns-server 2001:4860:4860::8844
!
ipv6 inspect name traffic ftp
ipv6 inspect name traffic udp
ipv6 inspect name traffic icmp
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-1
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1
revocation-check none
rsakeypair TP-self-signed
!
crypto pki certificate chain TP-self-signed-1

quit
!
!
license udi pid CISCO2821 sn
username admin privilege 15 password 7
!
redundancy
!
!
ip ssh time-out 70
ip ssh authentication-retries 2
ip ssh version 2
!
class-map type inspect match-any All_Protocols
match protocol tcp
match protocol udp
match protocol icmp
!
!
policy-map type inspect Trusted_to_Internet
class type inspect All_Protocols
inspect
class class-default
drop
!
zone security Trusted
zone security Internet
zone-pair security Trusted->Internet source Trusted destination Internet
service-policy type inspect Trusted_to_Internet
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
description WAN
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
ipv6 address dhcp
ipv6 address autoconfig default
ipv6 enable
ipv6 nd autoconfig default-route
ipv6 verify unicast reverse-path
ipv6 dhcp client pd hint ::/60
ipv6 dhcp client pd Cox-ipv6
ipv6 inspect traffic out
ipv6 traffic-filter wan-in in
ipv6 traffic-filter wan-out out
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1.1
description LAN
encapsulation dot1Q 1 native
ip address 10.10.1.253 255.255.255.0
ip nat inside
ip virtual-reassembly in
ipv6 address Cox-ipv6 ::/64 eui-64
ipv6 address autoconfig
ipv6 enable
ipv6 nd other-config-flag
ipv6 dhcp server Cox
!
interface GigabitEthernet0/1.2
description Wireless
encapsulation dot1Q 2
ip address 192.168.2.254 255.255.255.0
ip access-group wifi_block in
ip access-group wifi_block out
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
ip dns server
ip nat inside source list NAT interface GigabitEthernet0/0 overload
ip nat inside source static udp 10.10.1.249 1194 interface GigabitEthernet0/0 1194
ip nat inside source static udp 10.10.1.249 1195 interface GigabitEthernet0/0 1195
ip nat inside source static tcp 10.10.1.249 443 interface GigabitEthernet0/0 443
ip nat inside source static tcp 10.10.1.249 22 interface GigabitEthernet0/0 1022
ip nat inside source static tcp 192.168.2.7 80 interface GigabitEthernet0/0 1080
ip nat inside source static tcp 192.168.2.8 80 interface GigabitEthernet0/0 1081
ip nat inside source static tcp 10.10.1.247 42365 interface GigabitEthernet0/0 42365
ip nat inside source static tcp 10.10.1.247 5500 interface GigabitEthernet0/0 5500
ip nat inside source static tcp 10.10.1.247 5501 interface GigabitEthernet0/0 5501
ip route 10.28.0.0 255.255.255.0 10.10.1.249
ip route 10.29.0.0 255.255.255.0 10.10.1.249
ip route 10.30.0.0 255.255.255.0 10.10.1.249
!
ip access-list extended NAT
deny ip 10.10.1.0 0.0.0.255 192.168.2.0 0.0.0.255
deny ip 192.168.2.0 0.0.0.255 10.10.1.0 0.0.0.255
permit ip any any
ip access-list extended wifi_block
deny ip 192.168.2.0 0.0.0.255 10.10.1.0 0.0.0.255
deny ip 10.10.1.0 0.0.0.255 192.168.2.0 0.0.0.255
permit ip any any
!
ip sla 1
http get http://f
ip sla schedule 1 life forever start-time now
access-list 122 deny tcp any eq 22 any
access-list 122 permit tcp 10.0.0.0 0.255.255.255 any
!
!
!
!
snmp-server community fast_RO
snmp-server host 10.10.1.249 version 2c fast
!
!
!
!
ipv6 access-list wan-in
permit icmp any any
permit udp any any eq 546
permit tcp any any established
sequence 100 deny ipv6 any any
!
ipv6 access-list wan-out
permit icmp any any
permit tcp any any
permit udp any any
sequence 100 deny ipv6 any any

macgyver1988 · ‎12-01-2016

Hi,

this is my running-config ....

but theres one problem:

by adding on GigabitEthernet0/1

ipv6 traffic-filter WAN_OUTSIDE_INv6 in

----------------------------

i wont get any DHCP Adresses on my lan Interfaces on the mac clients....

but when typing manuell those adresses to the clients....all seems working fine...

what i made wrong?But i also geht on cisco and on mac clients ipv6 addresses

This is my running_config:

Cisco1921#show running-config
Building configuration...

Current configuration : 7746 bytes
!
! Last configuration change at 09:58:05 CET Thu Dec 1 2016 by user4754
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime localtime
service password-encryption
!
hostname Cisco1921
!
boot-start-marker
boot-end-marker
!
!
security authentication failure rate 3 log
security passwords min-length 10
enable secret 5 XXXXX
!
no aaa new-model
ethernet lmi ce
clock timezone CET 1 0
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
!
!
!
!
!
!
!
!
!
ip dhcp binding cleanup interval 600
ip dhcp excluded-address 192.168.50.170 192.168.50.254
ip dhcp excluded-address 192.168.50.1 192.168.50.153
!
ip dhcp pool Internal Network
network 192.168.50.0 255.255.255.0
domain-name soho.intern
default-router 192.168.50.2
dns-server 192.168.50.2
!
!
!
ip domain name soho.intern
ip name-server 212.18.0.5
ip name-server 212.18.3.5
ip name-server 2001:A60::53:1
ip name-server 2001:A60::53:2
ip inspect name Firewall udp
ip inspect name Firewall sip
ip inspect name Firewall rtsp
ip inspect name Firewall ftp
ip inspect name Firewall icmp
ip inspect name Firewall pptp
ip inspect name Firewall tcp
ip inspect name Firewall https
ip inspect name Firewall pop3s
ip inspect name Firewall smtp
ip inspect name Firewall imaps
ip cef
ipv6 general-prefix MyLocals FD00:1234:5678::/48
ipv6 general-prefix MyLocals FD00:8765:4321::/48
ipv6 unicast-routing
ipv6 dhcp pool NODE-DHCPV6
prefix-delegation pool NODE-PD lifetime 1800 60
dns-server 2001:A60::53:1
dns-server 2001:A60::53:2
domain-name soho.intern
!
ipv6 inspect name inspectv6 udp
ipv6 inspect name inspectv6 ftp
ipv6 inspect name inspectv6 icmp
ipv6 inspect name inspectv6 tcp
ipv6 multicast-routing
ipv6 cef
ipv6 cef accounting per-prefix
!
multilink bundle-name authenticated
!
cts logging verbose
!
crypto pki trustpoint TP-self-signed-XXXX
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-XXXX
revocation-check none
rsakeypair TP-self-signed-XXX
!
!
crypto pki certificate chain TP-self-signed-XXXX
certificate self-signed 01
XXXXXXX
        quit
license udi pid CISCO1921/K9 sn FXXXX
!
!
username user4754 password 7 XXXXX
!
redundancy
!
!
!
!
!
controller VDSL 0/1/0
firmware filename flash:VA_A_39m_B_38u_24h.bin
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
description NETWORK INTERN
ip address 192.168.50.2 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
duplex auto
speed auto
ipv6 address MyLocals ::1/64
ipv6 address NODE-PD ::1/64
ipv6 enable
ipv6 nd other-config-flag
ipv6 dhcp server NODE-DHCPV6
ipv6 inspect inspectv6 out
ipv6 traffic-filter WAN_OUTSIDE_INv6 in
!
interface ATM0/1/0
no ip address
no atm ilmi-keepalive
!
interface ATM0/1/0.1 point-to-point
pvc 1/32
bridge-dot1q encap 40
pppoe-client dial-pool-number 1
!
!
interface Ethernet0/1/0
no ip address
no ip route-cache
!
interface Ethernet0/1/0.40
encapsulation dot1Q 40
no ip route-cache
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/0/0
description NETWORK VOIP
no ip address
!
interface GigabitEthernet0/0/1
no ip address
!
interface GigabitEthernet0/0/2
no ip address
!
interface GigabitEthernet0/0/3
no ip address
!
interface Vlan1
no ip address
!
interface Dialer0
description VDSL Einwahl Interface to ISP MNET
mtu 1492
ip address negotiated
ip access-group 111 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect Firewall out
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer idle-timeout 1800 inbound
dialer-group 1
ipv6 address FE80::179:1 link-local
ipv6 address NODE-PD ::FF:0:0:0:1/128
ipv6 address autoconfig default
ipv6 enable
ipv6 mtu 1492
no ipv6 redirects
no ipv6 unreachables
ipv6 dhcp client pd NODE-PD rapid-commit
ipv6 verify unicast reverse-path
ipv6 inspect inspectv6 out
ipv6 traffic-filter WAN_OUTSIDE_INv6 in
ipv6 traffic-filter WAN_INSIDE_OUTv6 out
ipv6 virtual-reassembly in
no keepalive
ppp authentication pap chap callin
ppp chap hostname XXXXXX@mdsl.mnet-online.de
ppp chap password 7 XXXXX
ppp ipcp dns request
ppp ipcp mask request
ppp ipcp route default
no cdp enable
!
ip forward-protocol nd
!
ip http server
ip http secure-server
!
ip dns server
no ip nat service sip udp port 5060
ip nat inside source list 101 interface Dialer0 overload
!
dialer-list 1 protocol ipv6 permit
ipv6 route ::/0 Dialer0
!
!
access-list 101 permit ip 192.168.50.0 0.0.0.255 any
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq domain any
access-list 111 permit tcp any eq domain any
access-list 111 permit udp any eq ntp any
access-list 111 permit gre any any
access-list 111 permit udp any eq bootps any
access-list 111 permit udp any any eq 546
access-list 111 permit udp any eq 5060 any
access-list 111 deny   ip any any log
!
ipv6 access-list BLOCKv6
deny ipv6 any any log-input
!
ipv6 access-list WAN_INSIDE_OUTv6
sequence 5 permit ipv6 host 2001:A60::53:1 any
sequence 6 permit ipv6 host 2001:A60::53:2 any
sequence 10 permit icmp any any
permit tcp any any
permit udp any any
sequence 100 deny ipv6 any any log-input
!
ipv6 access-list WAN_OUTSIDE_INv6
sequence 5 permit ipv6 host 2001:A60::53:1 any
sequence 6 permit ipv6 host 2001:A60::53:2 any
sequence 10 permit icmp any any nd-na
sequence 11 permit icmp any any nd-ns
sequence 12 permit udp any any eq 546
sequence 20 permit icmp any any
sequence 40 permit tcp any any established
sequence 100 deny ipv6 any any log-input
!
control-plane
!
!
!
line con 0
logging synchronous
login local
transport preferred none
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password 7 XXXXXX
ipv6 access-class BLOCKv6 in
login local
transport preferred none
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end

Cisco1921#

macgyver1988 · ‎12-01-2016

And this is my Log:

Cisco1921#ena6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied tcp 2001:A61:3135:D500:DD3A:909A:4044:64A9(50260) (GigabitEthernet0/1 a820.6652.4e84) -> 2400:CB00:2048:1::C629:D6B8(80), 4 packets
*Dec 1 10:06:47: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(56237) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:1(53), 1 packet
*Dec 1 10:06:48: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied tcp 2001:A61:3135:D500:DD3A:909A:4044:64A9(50261) (Gigab
Cisco1921#enaitEthernet0/1 a820.6652.4e84) -> 2400:CB00:2048:1::C629:D6B9(80), 4 packets
*Dec 1 10:06:48: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(58969) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:2(53), 1 packet
*Dec 1 10:06:48: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied tcp 2001:A61:3135:D500:DD3A:909A:4044:64A9(50262) (GigabitEthernet0/1 a820.6652.4e84) -> 2400:CB00:2048:1::C629:D7B9(80), 4 packets
*Dec 1 10:06:48: %IPV6_ACL-6-AC
Cisco1921#enaCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(64617) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:2(53), 1 packet
*Dec 1 10:06:50: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied tcp 2001:A61:3135:D500:DD3A:909A:4044:64A9(50263) (GigabitEthernet0/1 a820.6652.4e84) -> 2400:CB00:2048:1::C629:D6BB(80), 4 packets
*Dec 1 10:06:50: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(54898) (GigabitEthernet
Cisco1921#ena0/1 a820.6652.4e84) -> 2001:A60::53:2(53), 1 packet
*Dec 1 10:06:50: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied tcp 2001:A61:3135:D500:DD3A:909A:4044:64A9(50264) (GigabitEthernet0/1 a820.6652.4e84) -> 2400:CB00:2048:1::C629:D7B8(80), 4 packets
*Dec 1 10:06:50: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(56237) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:2(53), 1 packet
Cisco1921#ena
*Dec 1 10:06:53: %SEC-6-IPACCESSLOGP: list 111 denied tcp 79.115.63.130(11820) -> 188.174.64.53(23), 1 packet
Cisco1921#ena
*Dec 1 10:07:30: %SEC-6-IPACCESSLOGP: list 111 denied tcp 222.102.242.30(51452) -> 188.174.64.53(23), 1 packet
Cisco1921#ena
*Dec 1 10:07:51: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(54299) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:1(53), 1 packet
*Dec 1 10:07:51: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(52718) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:1(53), 1 packet
*Dec 1 10:07:51: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(625
Cisco1921#ena49) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:1(53), 1 packet
*Dec 1 10:07:51: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(55158) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:1(53), 1 packet
*Dec 1 10:07:51: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(50910) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:1(53), 1 packet
*Dec 1 10:07:51: %IPV6_ACL-6-ACCESSLOGP: list WAN
Cisco1921#ena_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(57859) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:1(53), 1 packet
*Dec 1 10:07:51: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(56658) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:1(53), 1 packet
*Dec 1 10:07:51: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(57465) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60:
Cisco1921#ena:53:1(53), 1 packet
*Dec 1 10:07:54: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(54299) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:2(53), 1 packet
*Dec 1 10:07:54: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(52718) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:2(53), 1 packet
*Dec 1 10:07:54: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A
Cisco1921#ena:909A:4044:64A9(62549) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:2(53), 1 packet
*Dec 1 10:07:54: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(55158) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:2(53), 1 packet
*Dec 1 10:07:54: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(50910) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:2(53), 1 packet
*Dec 1 10:07:54: %IPV6_ACL-6-A
Cisco1921#enaCCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(57859) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:2(53), 1 packet
*Dec 1 10:07:54: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(56658) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:2(53), 1 packet
*Dec 1 10:07:54: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(64010) (GigabitEthernet0/1 a820.6652
Cisco1921#ena.4e84) -> 2001:A60::53:2(53), 1 packet
*Dec 1 10:07:54: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(58969) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:1(53), 1 packet
*Dec 1 10:07:54: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(63260) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:2(53), 1 packet
*Dec 1 10:07:54: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001
Cisco1921#ena:A61:3135:D500:DD3A:909A:4044:64A9(64617) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:1(53), 1 packet
*Dec 1 10:07:54: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(57465) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:2(53), 1 packet
*Dec 1 10:07:57: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(54898) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:1(53), 1 packet
*Dec 1 10:0
Cisco1921#ena7:57: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied tcp 2001:A61:3135:D500:DD3A:909A:4044:64A9(50287) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:1BC0:AF::A1(80), 1 packet