AnyConnect IPv6 ONLY

Rolando Valenzuela · ‎03-11-2019

I cannot make it work and I do not find documentation explaining how to do it, but at the same time I do not find documentation saying it is not possible.

It is possible to have an IPv6 only deployment of AnyConnect?

I have a dual-stack firewall, if I connect to the outside IPv4 address, everything works including the split-tunnel for IPv4 and IPv6.

If I tried to connect to the outside IPv6 address it does not, I even tried forcing the DNS resolution using the host files and also removing the IPv4 address from the DNS but I'm not able to connect.

Can someone confirm if the AnyConnect client supports connections to an IPv6 endpoint and if it does, ideas of what I might be doing wrong?

Thanks!

Rolando A. Valenzuela.

Rolando Valenzuela · ‎03-19-2019

:( can someone confirm this?

Oliverrietbrock · ‎04-03-2019

Hello Ronaldo,

Do you have changed the AnyConnect XML Profile to support Protocols: IPv6, IPv4 ?

Which AnyConnect version do you use 4.6.x or 4.7.x ?

I configured SSL-Client and SSL-Clientless on the Connection Profile. I'm not sure how well IPsec / IKEv2 works.

I also have a followup issue with IPv6, I configured an A-Record and AAAA-Record, but AnyConnect prefer the A-Record. Even Microsoft ping resolve the IPv6 reach my ASA first.

Happy Hunting

Rolando Valenzuela · ‎04-03-2019

Oliverrietbrock, XML configured, I tried both vestion 4.6.x and 4.7.x but even if my PC is IPv6 only, anyconnect crashes.

And with dual stack it will always prefer IPv4. So I'm wondering if it is NOT supported, I just haven't been able to find supporting documentation about it.

Rolando A. Valenzuela.

AnyConnect IPv6 ONLY

Secure Access IPv6 - Dual Stack Client Support

事例 : ホストの IPv6 アドレス変更による AnyConnect 接続不安定

IPv6 Essentials: ICMPv6 and NDP

How to Disable IPv6 on AnyConnect

SD-WAN IPv6 tloc-extension IPv6環境下でのルータ二重化