Basic IPv6 tunnelling using GRE using Cisco 887 va

While I was testing and setting up IPv6 enabled 30:30 servers, I needed to get IPv6 to my home. I thought I’d do a quick and dirty IPv6 tunnel from one of our transit routers (BGP Border router) to my Cisco 887. There are a few options with tunnelling using Cisco routers, but if you want a ‘just works’ solution and its only a point to point, then GRE is the way to go. Here’s my setup:


This would have worked with any ISP’s broadband which makes it a very flexible solution, but of course I used a Gconnect DSL account! First I setup the ‘head’ end on the border router. This router has a full IPv6 transit table so I’m right on the internet once my tunnel lands.

interface Tunnel0
 description *** TUNNEL TO HOME OFFICE ***
 no ip address
 ipv6 address FE80::7 link-local
 ipv6 address 2A01:570:Y:XXXX::1/64
 ipv6 ospf 1 area 0
 tunnel source Loopback0
 tunnel destination 84.21.X.X

The default tunnel on a Cisco router is GRE, so even if you specify tunnel mode gre ip it will not show in the resulting config. I chose to add the link /64 to our internal OSPFv3 domain and then add a static route for the /64 on my site.

ipv6 route 2A01:570:Y:XXXY::/64 2A01:570:Y:XXXX::2

OK, so now its time to set up the home router end.

interface Tunnel0
 description *** TUNNEL TO BORDER ROUTER ***
 no ip address
 zone-member security OUTSIDE
 ipv6 address 2A01:570:Y:XXXX::2/64
 tunnel source Dialer0
 tunnel destination 84.21.X.Y

The tunnel should be up provided that you have IPv4 connectivity between the tunnel endpoints. I also added a static default route pointing all IPv6 traffic through the tunnel.

ipv6 route ::/0 Tunnel0

You probably noticed the zone-member security OUTSIDE on the tunnel interface. You’ll need an IOS past 15.X as far as i can tell for the firewall to actually work with IPv6! Now the test, I’m pinging Google’s [2a00:1450:400c:c00::63] address

#ping 2a00:1450:400c:c00::63 source vlan 20

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2A00:1450:400C:C00::63, timeout is 2 seconds:
Packet sent with a source address of 2A01:570:Y:XXXY::1
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/50/52 ms

Its all good, I can now browse to IPv6 enabled websites.

This entry was posted in Cisco, IPv6 and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *