We are trying to configure a Remote Access VPN that would offer purely IPV6 addressing on a ASA5525 (v9.8(2)).
We have a public /48 subnet assigned and wanted to dedicate one /64 for the above purpose. The outside interface has an address in that /48 subnet and so does the gateway. We can confirm outbound connectivity from the firewall, but when connecting a client to the VPN we cannot contact anything on the outside.
Our investigation prove that the packets leave the Outside interface, but receive no reply. On closer examination of packet captures, we can observe Neighbor Solication requests from the gateway, which are not passed onto the client and not replied to by the firewall. We've attempted to add the VPN subnet to the Neighbour Discovery prefix list, in hope that this will be sufficient, but to no avail.
We have a similar setup on another ASA using public IPv4 addresses, but the firewall simply advertises the MAC address of the Outside interface as belonging to a public IPv4.
Can someone point me in the right direction here?
... View more