Geekzone: technology news, blogs, forums
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.

5 posts

Wannabe Geek

#115592 31-Mar-2013 17:27
Send private message

Hi all,

Apologies, double-up from Networking forum.

So i've spent at least 2 days trying to get IPv6 working correctly at home. I'm at a point where I can at least get ICMP replies back from on the console of the ASA but not from a client (Win8 or Win 2012).

I have no idea where i'm going wrong with this...

Topology is currently:

Internet -> Fritz!Box 7390 VDSL router (Snap!) -> ASA5505 -> Inside switch -> Client
  • ASA is in routed firewall mode. IPv4 connectivity is working perfectly. Software version is 9.0(2)
  • Outside interface (VLAN2) is being autoconfigured via SLAAC (not dhcpv6) - this is working
  • Inside interface (VLAN1) I want to have autoconfigured, but this doesn't work for some reason. Perhaps I need to configure an ACL, I don't know what the ACL should be. Setting the IPv6 address manually is fine and I can ping it from a client and the client picks up an autoconfigured address in the same subnet.
  • I've configured a default route for ::/0 to Fritz!Box link-local address. If I change this to be the globally assigned address of the Fritz!Box I can no longer ping from the console.
  • I can't get DHCPrelay working for my clients. I've enabled DHCPv6 on the Fritz!Box and enabled DHCPRelay client on the inside interface and defined the link-local address of the Fritz!Box on the outside interface as the DHCPv6 Server.
interface Vlan1
nameif inside
security-level 100
ip address
ipv6 address fc00::/64 eui-64
ipv6 address fe80::1 link-local
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
ipv6 address fe80::2 link-local
ipv6 address autoconfig
ipv6 nd suppress-ra
ipv6 route outside ::/0 fe80::2665:11ff:feec:d31b
access-list inside_access_in extended permit icmp6 any6 any6
access-list inside_access_in extended permit ip any any

It appears mostly that I can't ping through the ASA. From the ASA I can ping IPv6 sites fine.

Ideally I would have both Outside and Inside interfaces being autoconfigured via SLAAC from Snap!. Outside is autoconfiguring fine but Inside is not. 

Any help would be appreciated!

Create new topic
3607 posts

Uber Geek


  #790018 31-Mar-2013 18:12
Send private message

Have you configured a static route on your Fritzbox to the subnet behind the ASA? Ideally Snap would have given you a /56. You then need to have a /64 configured between the ASA and Fristbox subnet (/64 for SLAAC to work). Once that is working (as it sounds it does), use another of the /64s in your /56 as the LAN side of the ASA. Then on the fritzbox add a static route for the /64 to pass to the SLAAC address on the WAN side of the ASA.

There is a standard to autoconfigure this I believe but its more for ISP etc. Funny timing as I'm just doing IPv6 routing for a customer aatm (just waiting for a reboot and came to check GZ) :)

Speedtest 2019-10-14

5 posts

Wannabe Geek

  #790022 31-Mar-2013 18:47
Send private message

Thanks for that, I figured it could be related to the Fritz!Box. As far as I can tell, via the web interface you can't configure static routes. You might be able to via telnet but to enable Telnet you need to do it via an IP phone (I don't have one).

Also, I believe Snap give out /48 prefixes but these are dynamic which is why I need to go this going via SLAAC or DHCPv6 (I don't think Snap use DHCPv6...I could be wrong though)



170 posts

Master Geek

  #794053 5-Apr-2013 20:11
Send private message

Looks like your missing the command to tell the device to route IPV6 Traffic

ipv6 unicast-routing

5 posts

Wannabe Geek

  #794069 5-Apr-2013 20:42
Send private message

Hey, thanks for the reply.

The ASA does not need (nor does it even have it available) to have "ipv6 unicast-routing". Applying "ipv6 enable" or assigning an ipv6 address to an interface enables ipv6 routing.

"ipv6 unicast-routing" is for IOS routers or layer 3 IOS switches.


111 posts

Master Geek


  #794454 7-Apr-2013 02:03
Send private message

Hey, a few things:

- Snap does use DHCPv6 to issue addresses rather than SLAAC
- The ASA probably doesn't NAT IPv6 by default (would you want/need NAT with that many addresses?)
- I see you have a link-local address on the inside of the ASA but public addressing on the outside.

Here is what the Fritz!Box does when it connects:
- Grabs IPv6 addressing via DHCPv6 (gets a /48 from Snap)
- Re-issues addresses via SLAAC to the local LAN
- Performs stateful firewalling (connection tracking) but not NAT.

My suspicion is that you want to get the ASA to issue addressing from the prefixes it receives from the Fritz!Box. I don't know how to say that in ASA IOS, however - you will need to google it.

And we're working on implementing static IPv6 at Snap, but it's not ready yet (big job, many dependencies!).

Hope this helps!

“I do not think there is any thrill that can go through the human heart like that felt by the inventor as he sees some creation of the brain unfolding to success... Such emotions make a man forget food, sleep, friends, love, everything.” - Nikola Tesla


Disclaimer: Views expressed in my posts do not necessarily reflect those views of my employer.

Create new topic

News »

Freeview On Demand app launches on Sony Android TVs
Posted 6-Aug-2020 13:35

UFB hits more than one million connections
Posted 6-Aug-2020 09:42

D-Link A/NZ extends COVR Wi-Fi EasyMesh System series with new three-pack
Posted 4-Aug-2020 15:01

New Zealand software Rfider tracks coffee from Colombia all the way to New Zealand businesses
Posted 3-Aug-2020 10:35

Logitech G launches Pro X Wireless gaming headset
Posted 3-Aug-2020 10:21

Sony Alpha 7S III provides supreme imaging performance
Posted 3-Aug-2020 10:11

Sony introduces first CFexpress Type A memory card
Posted 3-Aug-2020 10:05

Marsello acquires Goody consolidating online and in-store marketing position
Posted 30-Jul-2020 16:26

Fonterra first major customer for Microsoft's New Zealand datacentre
Posted 30-Jul-2020 08:07

Everything we learnt at the IBM Cloud Forum 2020
Posted 29-Jul-2020 14:45

Dropbox launches native HelloSign workflow and data residency in Australia
Posted 29-Jul-2020 12:48

Spark launches 5G in Palmerston North
Posted 29-Jul-2020 09:50

Lenovo brings speed and smarter features to new 5G mobile gaming phone
Posted 28-Jul-2020 22:00

Withings raises $60 million to enable bridge between patients and healthcare
Posted 28-Jul-2020 21:51

QNAP integrates Catalyst Cloud Object Storage into Hybrid Backup solution
Posted 28-Jul-2020 21:40

Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.