Native IPv6



  • How to get native ipv6 working?
    I want SSG-140 to control which traffic allow from internet to certain hosts, but all hosts should be able to reach the ipv6 world without limits.

    Our ISP gave us a /64 address which I added to either Trust or Untrust zone interfaces, either as host or router (SSG-140), but the best I can get is to ping ISP’s gateway and ipv6.google.com from the router, and also do ipv6-to-ipv4-MIP (some online ping test showed response to that address).

    This is good, but I want usual ipv6 connectivity so that any machine in internal network can go to an ipv6 address. When I added IPv6 address manually to an internal host using the same prefix then I couldn’t achieve the connectivity between router and that host. (In the future I’d like to use dhcpv6 in current windows dhcp server but now I  put that address manually for testing.)

    Any clues or instructions what has to be done for such connectivity what seems to me the most natural one?



  • I think you need a second IPv6 subnet (at least /64) from your provider which is routed to your SSG. You configure the existing /64 on the untrust if and the new network on the trust if. Then you may want to enable neighbour discovery, so clients can get their IPv6 address and default gateway automaticly.


 

44
Online

38.4k
Users

12.7k
Topics

44.5k
Posts