IPv6 IPSec

Maybe someone can help me with the problem I'm having:

I'm trying to establish IPv6 IPSec tunnels between two routers in a point-to-point configuration using IOS v 12.3(6), like in the below configuration.

PC1------Router1-------Router2------PC2

After reading the Cisco documentation, this is apparently not possible. I quote:

"Currently, IPv6 IPSec is only available for the control plane. IPv6 IPSec for the data plane will be available in a future release, Implementing Security for IPv6"

As an alternative, I have tried to use an IPv6-to-IPv4 tunnel (shown below). But I can't get anything to trigger the ISAKMP transfer (and hence set up the IPSec tunnel).

PC1--(IPv6)--Router1--(IPv4 tunnel)--Router2--(IPv6)--PC2

Does anyone have any suggestions? Is it just not possible at the moment to implement IPv6 and IPSec on Cisco routers?

Any help would be greatly appreciated!

Configs are posted below:

Router1:

!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router1
!
boot-start-marker
boot-end-marker
!
!
memory-size iomem 10
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
!
!
ip cef
ipv6 cef
ipv6 unicast-routing
!
!
crypto isakmp policy 1
 encr aes 256
 authentication pre-share
 group 5
crypto isakmp key 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567 address 192.168.3.2
!
!
interface Tunnel1
 no ip address
 ipv6 address 2000:3::1/64
 tunnel source 192.168.3.1
 tunnel destination 192.168.3.2
 tunnel mode ipv6ip
 no shut
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 ipv6 address 2000:1::1/64
 ipv6 enable
 no shut
!
interface Serial0/0
 no ip address
 shutdown
 no fair-queue
!
interface BRI0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 ip address 192.168.3.1 255.255.255.0
 duplex auto
 speed auto
 no shut
!
interface Serial0/1
 no ip address
 shutdown
!
ip http server
no ip http secure-server
ip classless
!
!
ipv6 route 2000:2::/64 tunnel 1
ipv6 route 2000:3::/64 tunnel 1
!
!
access-list 100 permit ip any any
!
!
line con 0
line aux 0
line vty 0 4
 login
!
!
end

Router2:

!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router2
!
boot-start-marker
boot-end-marker
!
!
memory-size iomem 10
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
!
!
ip cef
ipv6 cef
ipv6 unicast-routing
!
!
crypto isakmp policy 1
 encr aes 256
 authentication pre-share
 group 5
crypto isakmp key 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567 address 192.168.3.1
!
!
interface Tunnel1
 no ip address
 ipv6 address 2000:3::2/64
 tunnel source 192.168.3.2
 tunnel destination 192.168.3.1
 tunnel mode ipv6ip
 no shut
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 ipv6 address 2000:2::1/64
 ipv6 enable
 no shut
!
interface Serial0/0
 no ip address
 shutdown
 no fair-queue
!
interface BRI0/0
 no ip address
 shutdown
!
interface FastEthernet0/0
 ip address 192.168.3.2 255.255.255.0
 duplex auto
 speed auto
 no shut
!
interface Serial0/1
 no ip address
 shutdown
!
ip http server
no ip http secure-server
ip classless
!
!
ipv6 route 2000:1::/64 tunnel 1
ipv6 route 2000:3::/64 tunnel 1
!
!
access-list 100 permit ip any any
!
!
line con 0
line aux 0
line vty 0 4
 login
!
!
end
RPO83
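
Added example, not part of the original post: the posted configs define an ISAKMP policy and key but no IPSec transform set or crypto map, and access-list 100 is not referenced anywhere, so no traffic is selected for encryption and nothing starts the ISAKMP exchange. One way to protect the ipv6ip tunnel, assuming the hypothetical names IPV6IP-TS and IPV6IP-MAP and ACL number 101, is to encrypt the tunnel's own IPv4 packets (IP protocol 41) between 192.168.3.1 and 192.168.3.2:

```cisco
! ---- Router1 (added example; IPV6IP-TS, IPV6IP-MAP and ACL 101 are hypothetical) ----
! Phase 2 proposal. The posted config only has the ISAKMP (phase 1) policy.
crypto ipsec transform-set IPV6IP-TS esp-aes 256 esp-sha-hmac
!
! Interesting traffic: IPv6-in-IPv4 packets (IP protocol 41) between the
! tunnel source and destination. Narrower than "permit ip any any".
access-list 101 permit 41 host 192.168.3.1 host 192.168.3.2
!
crypto map IPV6IP-MAP 10 ipsec-isakmp
 set peer 192.168.3.2
 set transform-set IPV6IP-TS
 match address 101
!
! Bind the map to the IPv4 interface that carries the tunnel packets.
interface FastEthernet0/1
 crypto map IPV6IP-MAP
!
! ---- Router2 (mirror image of Router1) ----
crypto ipsec transform-set IPV6IP-TS esp-aes 256 esp-sha-hmac
!
access-list 101 permit 41 host 192.168.3.2 host 192.168.3.1
!
crypto map IPV6IP-MAP 10 ipsec-isakmp
 set peer 192.168.3.1
 set transform-set IPV6IP-TS
 match address 101
!
interface FastEthernet0/0
 crypto map IPV6IP-MAP
```

With this in place, IPv6 traffic routed into Tunnel1 (for example a ping from PC1 to PC2) produces protocol 41 packets that match ACL 101; `show crypto isakmp sa` and `show crypto ipsec sa` then show whether negotiation completed and whether the encaps/decaps counters are increasing.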