Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2006
Views
5
Helpful
1
Replies

Cannot browse Internet unless IPv6 is disabled in adapter

Rick Bargerhuff
Level 1
Level 1

‎08-15-2019 07:08 AM - edited ‎08-15-2019 07:10 AM

Hello,

 

I have recently been given access to my work environments VPN. However, once I'm connected successfully to the VPN, local web browsing no longer works. The VPN at work is set to 'Drop all IPv6 Traffic.' The IT department has stated that IPv6 is not supported over the VPN at the present time.

 

If while I'm connected to the VPN, I uncheck "Internet Protocol  Version 6 (TCP/IPv4)" of my local Ethernet adapter I then can browse the internet.

 

Now I tried disabling the same IPv6 toggle on the AnyConnect VPN adapter but that has no effect. Only disabling IPv6 in my local machine's ethernet adapter allows the internet to be browsed.

 

My field is development so I'm not strong in network configuration. I have read many sources stating that I should NOT be disabling IPv6 support on my local machine. So I am a bit confused on whether or not this is a VPN configuration issue or if the issue has to do with my local machine.

 

I currently have a support ticket request into IT for this but I'm also reaching out here to see if this is something that should be fixed on my own person machine.

 

I am using AnyConnect VPN Mobility Client version 4.5.03040 on a Windows 10 Education (Latest)

 

Thank you in advance!

2 people had this problem
Labels:
0 Helpful
1 Reply 1

richard.priest
Level 1
Level 1

‎06-25-2020 07:14 AM

I realise this is an old post, but it appeared in seaches when I was looking for a solution to the same issue.

basically you need to configure split tunneling for IPv6, if you leave everything at the defaults, all IPv6 traffic is sent down the VPN, but also the client is set to not send IPv6 down the tunnel, so it's all dropped.

it's easy enough, just create an IPV6 pool for your clients i.e.

ipv6 local pool IPv6AnyConnect_Pool fc00::1/64 256

then add that pool to your spilt tunnel acl, with a destination of 'any6' note it'll need to be an extended ACL for IPv6.

Now when a client connects it'll be issued a unique local IPv6 address and no traffic will be sent down the tunnel.





Customers Also Viewed These Support Documents