Native IPv6

  • How to get native ipv6 working?
    I want SSG-140 to control which traffic allow from internet to certain hosts, but all hosts should be able to reach the ipv6 world without limits.

    Our ISP gave us a /64 address which I added to either Trust or Untrust zone interfaces, either as host or router (SSG-140), but the best I can get is to ping ISP’s gateway and from the router, and also do ipv6-to-ipv4-MIP (some online ping test showed response to that address).

    This is good, but I want usual ipv6 connectivity so that any machine in internal network can go to an ipv6 address. When I added IPv6 address manually to an internal host using the same prefix then I couldn’t achieve the connectivity between router and that host. (In the future I’d like to use dhcpv6 in current windows dhcp server but now I  put that address manually for testing.)

    Any clues or instructions what has to be done for such connectivity what seems to me the most natural one?

  • I think you need a second IPv6 subnet (at least /64) from your provider which is routed to your SSG. You configure the existing /64 on the untrust if and the new network on the trust if. Then you may want to enable neighbour discovery, so clients can get their IPv6 address and default gateway automaticly.