04-29-2005 10:14 PM - edited 02-21-2020 01:44 PM
Maybe someone can help me with the problem I'm having:
I'm trying to establish IPv6 IPSec tunnels between two routers in a point-to-point configuration using IOS v 12.3(6), like in the below configuration.
PC1------Router1-------Router2------PC2
After reading the Cisco documentation, this is apparently not possible. I quote:
"Currently, IPv6 IPSec is only available for the control plane. IPv6 IPSec for the data plane will be available in a future release, Implementing Security for IPv6"
As an alternative, I have tried to use an IPv6-to-IPv4 tunnel (shown below). But I can't get anything to trigger the ISAKMP transfer (and hence set up the IPSec tunnel).
PC1--(IPv6)--Router1--(IPv4 tunnel)--Router2--(IPv6)--PC2
Does anyone have any suggestions? Is it just not possible at the moment to implement IPv6 and IPSec on Cisco routers?
Any help would be greatly appreciated!
Configs are posted below:
Router1:
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router1
!
boot-start-marker
boot-end-marker
!
!
memory-size iomem 10
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
!
!
ip cef
ipv6 cef
ipv6 unicast-routing
!
!
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 5
crypto isakmp key xxxx address 192.168.3.2
!
!
interface Tunnel1
no ip address
ipv6 address 2000:3::1/64
tunnel source 192.168.3.1
tunnel destination 192.168.3.2
tunnel mode ipv6ip
no shut
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
ipv6 address 2000:1::1/64
ipv6 enable
no shut
!
interface Serial0/0
no ip address
shutdown
no fair-queue
!
interface BRI0/0
no ip address
shutdown
!
interface FastEthernet0/1
ip address 192.168.3.1 255.255.255.0
duplex auto
speed auto
no shut
!
interface Serial0/1
no ip address
shutdown
!
ip http server
no ip http secure-server
ip classless
!
!
ipv6 route 2000:2::/64 tunnel 1
ipv6 route 2000:3::/64 tunnel 1
!
!
access-list 100 permit ip any any
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end
Router2:
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router2
!
boot-start-marker
boot-end-marker
!
!
memory-size iomem 10
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
!
!
ip cef
ipv6 cef
ipv6 unicast-routing
!
!
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 5
crypto isakmp key xxxx address 192.168.3.1
!
!
interface Tunnel1
no ip address
ipv6 address 2000:3::2/64
tunnel source 192.168.3.2
tunnel destination 192.168.3.1
tunnel mode ipv6ip
no shut
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
ipv6 address 2000:2::1/64
ipv6 enable
no shut
!
interface Serial0/0
no ip address
shutdown
no fair-queue
!
interface BRI0/0
no ip address
shutdown
!
interface FastEthernet0/0
ip address 192.168.3.2 255.255.255.0
duplex auto
speed auto
no shut
!
interface Serial0/1
no ip address
shutdown
!
ip http server
no ip http secure-server
ip classless
!
!
ipv6 route 2000:1::/64 tunnel 1
ipv6 route 2000:3::/64 tunnel 1
!
!
access-list 100 permit ip any any
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end
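Added example (not part of the original post and not Cisco's own tooling): a small Python check, run over a constructed excerpt of the Router1 config above, that lists the pieces an IOS configuration needs before any traffic can trigger ISAKMP. The `audit` function and its finding names are assumptions made for this example.

```python
import re

# Constructed sample: the crypto-relevant lines of the Router1 config posted above.
ROUTER1 = """\
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 5
crypto isakmp key xxxx address 192.168.3.2
interface Tunnel1
ipv6 address 2000:3::1/64
tunnel source 192.168.3.1
tunnel destination 192.168.3.2
tunnel mode ipv6ip
interface FastEthernet0/1
ip address 192.168.3.1 255.255.255.0
access-list 100 permit ip any any
"""

def _names(pattern, lines):
    """Return the first capture group of every line matching pattern from its start."""
    return {m.group(1) for ln in lines if (m := re.match(pattern, ln))}

def audit(config):
    """Hypothetical checker: list what is missing before traffic can trigger ISAKMP."""
    lines = [ln.strip() for ln in config.splitlines()]
    has_isakmp = any(ln.startswith("crypto isakmp policy") for ln in lines)
    transform_sets = _names(r"crypto ipsec transform-set (\S+)", lines)
    map_entries = _names(r"crypto map (\S+) \d+ ipsec-isakmp", lines)
    # A bare "crypto map NAME" (no sequence number) is the interface-level binding.
    applied = _names(r"crypto map (\S+)$", lines)
    protected = any(ln.startswith("tunnel protection ipsec profile") for ln in lines)
    acls = _names(r"access-list (\d+) ", lines)
    used = _names(r"(?:match address|ip access-group) (\d+)", lines)

    findings = []
    if has_isakmp and not transform_sets:
        findings.append("no-transform-set")
    if has_isakmp and not (applied & map_entries) and not protected:
        findings.append("no-crypto-binding")
    findings += ["acl-%s-unreferenced" % n for n in sorted(acls - used)]
    return findings

if __name__ == "__main__":
    for finding in audit(ROUTER1):
        print(finding)
```

On the posted config this reports all three findings: the ISAKMP policy and pre-shared key exist, but no transform set, no crypto map or tunnel protection on any interface, and access-list 100 is never referenced, so no traffic is ever selected for protection.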
04-29-2005 10:58 PM
Hello,
I don't have much to offer as far as IPv6, but I am interested in seeing whether a GRE tunnel would do the trick as documented here:
It would be nice if you could share your results.
Mustafa