How does one obtain an IPv6 DNS server when VPNing to an ASA?
Andrew Yourtchenko
ayourtch at gmail.com
Fri May 14 10:53:16 CEST 2010
On Fri, May 14, 2010 at 7:53 AM, Ben Jencks <ben at bjencks.net> wrote:
> It's officially supported in 8.2.x, but there's apparently a nasty bug
> in at least the early versions where the "inactive" appliance still
> sends RAs despite not forwarding traffic. Be careful and test
> carefully. (I didn't experience this bug, we're still on 8.0, but I
> know someone who did)
That bug was before 8.2.2 - where it started to be "officially"
supported (because of the necessary changes to the infrastructure that
alleviated this behaviour. It was more than just a bugfix, yes -
starting from 8.2.2 the stateful failover is possible)
I did test it in 8.2.2, it worked all right. Don't use anything earlier.
As for the original question - no; there's no DHCPv6.
>From the config - since you give out both IPv4 and IPv6 - just
dual-stack the recursive DNS server, and use IPv4 towards the clients
?
Or you plan to get rid of IPv4 completely for those clients ?
cheers,
andrew
>
> WRT the original question: I assume you're using AnyConnect? If so, I
> can't help you, but if you've managed to get anything IPv6 to work
> with IPsec on the ASA, I'd like to hear about it.
>
> -Ben
>
> On Fri, May 14, 2010 at 01:11, Frank Bulk <frnkblk at iname.com> wrote:
>> I don't believe that's the case in a 8.2.x, look for "IPv6 Support in
>> Failover Configurations" in the following:
>> http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.htm
>> l#wp337399
>>
>> Frank
>>
>> -----Original Message-----
>> From: Shaun Ewing [mailto:s.ewing at aussiehq.com.au]
>> Sent: Friday, May 14, 2010 12:02 AM
>> To: Shane Kerr; frnkblk at iname.com
>> Cc: ipv6-ops at lists.cluenet.de
>> Subject: Re: How does one obtain an IPv6 DNS server when VPNing to an ASA?
>>
>> <snip>
>>
>> We have a lot of ASAs, but they're all in HA - and
>> anybody who has tried to do IPv6 on them knows (or should know) that IPv6
>> support is presently non-existent when in a HA config.
>>
>> -Shaun
>>
>>
>
More information about the ipv6-ops
mailing list