Hi and thank you for your responses: > Another option might be to upgrade the Cisco so that it can do > the IPv6. > Why don't you terminate the IPv6 tunnel in the Cisco in the first > place? We have the configuration mentioned in the first mail, because we are doing experimentation. I am in a project trying IPv6, the people who wants to be connected through us are usually interested tech people from enterprises or universities without no explicit priority objective of trying IPv6, at least not for now. We are almost by our own. That's why we must be the less invasive as possible. We cannot modify/upgrade main routers.
> If I where you I'd change that to 2000::/3 as there is more > to then just 1 bit extra of the 6bone, you are not routing to > the RIR space (2001::/16) now which contains quite a lot of hosts > and thus content. My mistake, I did it before for 3ffe::/15 (6bone) and 2001::/16 (production IPv6 networks): #route -A inet6 add 3ffe::/15 gw 3ffe:xxxx:xxxx:xxxx::1 <tunnelname> #route -A inet6 add 2001::/16 gw 3ffe:xxxx:xxxx:xxxx::1 <tunnelname> #route -A inet6 add 2000::/3 gw 3ffe:xxxx:xxxx:xxxx::1 <tunnelname> But, I didn't understood what 2000::/3 means please? El mar, 26-08-2003 a las 20:53, Michel Py escribió: > > Jeroen Massar wrote: > > The Cisco should be instructed to forward all the proto 41 > > packets to the private host. > > I'd be curious how you do that on cisco nat. What you want to do is > something like: > ip nat inside source static <proto41> <private_IP> <proto41> <public_IP> > > unfortunately, there is no such option (only esp, tcp and udp) > cisco3640(config)#ip nat inside source static ? > A.B.C.D Inside local IP address > esp IPSec-ESP (Tunnel mode) support > network Subnet translation > tcp Transmission Control Protocol > udp User Datagram Protocol > which leaves you with the only possibility: > ip nat inside source static <private_IP> <public_IP> which NATs not only > 41 but each and every protocol and port as well and I'm not too hot > about that. > > OR what sometimes with NAT's also work is to start the > > communication on the private host side. > I strongly discourage this. Tried it, works for a while and then craps > out without notice. Usually we connect little labs within large institutions.If something have to be done in the main routers, we have to say to the admins exactly what we wants. And we have to assure them that nothing bad will occurs with their normal data traffic. That's why I prefer solutions that don't touch main routers, but if it's a must, please could you tell me how to forward all the proto 41 packets to the private host. My major experience is with GNU/Linux with very little of Cisco IOS. >And as a last resort you could employ a tinc/vtund tunnel > which simply uses tcp or udp and router your IPv6 over that. Hmm I just saw a NewRiders book about VPNs, I'll try to get it. Claudia --------------------------------------------------------------------- The IPv6 Users Mailing List Unsubscribe by sending "unsubscribe users" to [EMAIL PROTECTED]
