Mysterious missing DHCPv6 feature, was Re: How does one obtain an IPv6 DNS server when VPNing to an ASA?

Mon May 17 04:38:52 CEST 2010

Bill,

It's not clear to me which DHCP feature you are referring to. Perhaps it
is the mix of interleaved style and top-posting, or maybe my ignorance
with Cisco technologies, but I honestly can't figure it out.

Please write it very clearly, in a non-funny way. Try to use a minimum
of acronyms (sort of the opposite of the first post in this thread).
Ideally sprinkle a few URLs explaining what you mean.

Even if we don't ultimately ship it in ISC DHCP, it is probably better
to define this as a dhcpd.conf/dhclient.conf recipe, perhaps using
vendor-specific options, rather than shipping custom code. But I can't
say since I don't know what you mean.

--
Shane

On Sat, 2010-05-15 at 00:35 +0000, bmanning at vacation.karoshi.com wrote:
> many months ago, I asked for this DHCP feature to be supported in
> the IPv6 varient and was told that the IETF refused - hence ISC didn't build
> it into their product.  Phaugh on them - its open source!  So I built a
> server and client that talk IPv6 and support the usual/customary DHCP
> options over IPv6...  it has the unfortunate side effect of not being compatable
> with other DHCP servers or clients but does the job for me and my little 
> piece of hell.  Should work anywhere DHCPv4 does though.
> 
> --bill
> 
> 
> On Fri, May 14, 2010 at 10:53:16AM +0200, Andrew Yourtchenko wrote:
> > On Fri, May 14, 2010 at 7:53 AM, Ben Jencks <ben at bjencks.net> wrote:
> > > It's officially supported in 8.2.x, but there's apparently a nasty bug
> > > in at least the early versions where the "inactive" appliance still
> > > sends RAs despite not forwarding traffic. Be careful and test
> > > carefully. (I didn't experience this bug, we're still on 8.0, but I
> > > know someone who did)
> > 
> > That bug was before 8.2.2 - where it started to be "officially"
> > supported (because of the necessary changes to the infrastructure that
> > alleviated this behaviour. It was more than just a bugfix, yes -
> > starting from 8.2.2 the stateful failover is possible)
> > 
> > I did test it in 8.2.2, it worked all right. Don't use anything earlier.
> > 
> > As for the original question - no; there's no DHCPv6.
> > 
> > >From the config - since you give out both IPv4 and IPv6 - just
> > dual-stack the recursive DNS server, and use IPv4 towards the clients
> > ?
> > 
> > Or you plan to get rid of IPv4 completely for those clients ?
> > 
> > cheers,
> > andrew
> > 
> > >
> > > WRT the original question: I assume you're using AnyConnect? If so, I
> > > can't help you, but if you've managed to get anything IPv6 to work
> > > with IPsec on the ASA, I'd like to hear about it.
> > >
> > > -Ben
> > >
> > > On Fri, May 14, 2010 at 01:11, Frank Bulk <frnkblk at iname.com> wrote:
> > >> I don't believe that's the case in a 8.2.x, look for "IPv6 Support in
> > >> Failover Configurations" in the following:
> > >> http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.htm
> > >> l#wp337399
> > >>
> > >> Frank
> > >>
> > >> -----Original Message-----
> > >> From: Shaun Ewing [mailto:s.ewing at aussiehq.com.au]
> > >> Sent: Friday, May 14, 2010 12:02 AM
> > >> To: Shane Kerr; frnkblk at iname.com
> > >> Cc: ipv6-ops at lists.cluenet.de
> > >> Subject: Re: How does one obtain an IPv6 DNS server when VPNing to an ASA?
> > >>
> > >> <snip>
> > >>
> > >> We have a lot of ASAs, but they're all in HA - and
> > >> anybody who has tried to do IPv6 on them knows (or should know) that IPv6
> > >> support is presently non-existent when in a HA config.
> > >>
> > >> -Shaun
> > >>
> > >>
> > >
> 