How does one obtain an IPv6 DNS server when VPNing to an ASA?

bmanning at vacation.karoshi.com bmanning at vacation.karoshi.com
Sat May 15 02:35:56 CEST 2010


 many months ago, I asked for this DHCP feature to be supported in
the IPv6 varient and was told that the IETF refused - hence ISC didn't build
it into their product.  Phaugh on them - its open source!  So I built a
server and client that talk IPv6 and support the usual/customary DHCP
options over IPv6...  it has the unfortunate side effect of not being compatable
with other DHCP servers or clients but does the job for me and my little 
piece of hell.  Should work anywhere DHCPv4 does though.

--bill


On Fri, May 14, 2010 at 10:53:16AM +0200, Andrew Yourtchenko wrote:
> On Fri, May 14, 2010 at 7:53 AM, Ben Jencks <ben at bjencks.net> wrote:
> > It's officially supported in 8.2.x, but there's apparently a nasty bug
> > in at least the early versions where the "inactive" appliance still
> > sends RAs despite not forwarding traffic. Be careful and test
> > carefully. (I didn't experience this bug, we're still on 8.0, but I
> > know someone who did)
> 
> That bug was before 8.2.2 - where it started to be "officially"
> supported (because of the necessary changes to the infrastructure that
> alleviated this behaviour. It was more than just a bugfix, yes -
> starting from 8.2.2 the stateful failover is possible)
> 
> I did test it in 8.2.2, it worked all right. Don't use anything earlier.
> 
> As for the original question - no; there's no DHCPv6.
> 
> >From the config - since you give out both IPv4 and IPv6 - just
> dual-stack the recursive DNS server, and use IPv4 towards the clients
> ?
> 
> Or you plan to get rid of IPv4 completely for those clients ?
> 
> cheers,
> andrew
> 
> >
> > WRT the original question: I assume you're using AnyConnect? If so, I
> > can't help you, but if you've managed to get anything IPv6 to work
> > with IPsec on the ASA, I'd like to hear about it.
> >
> > -Ben
> >
> > On Fri, May 14, 2010 at 01:11, Frank Bulk <frnkblk at iname.com> wrote:
> >> I don't believe that's the case in a 8.2.x, look for "IPv6 Support in
> >> Failover Configurations" in the following:
> >> http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.htm
> >> l#wp337399
> >>
> >> Frank
> >>
> >> -----Original Message-----
> >> From: Shaun Ewing [mailto:s.ewing at aussiehq.com.au]
> >> Sent: Friday, May 14, 2010 12:02 AM
> >> To: Shane Kerr; frnkblk at iname.com
> >> Cc: ipv6-ops at lists.cluenet.de
> >> Subject: Re: How does one obtain an IPv6 DNS server when VPNing to an ASA?
> >>
> >> <snip>
> >>
> >> We have a lot of ASAs, but they're all in HA - and
> >> anybody who has tried to do IPv6 on them knows (or should know) that IPv6
> >> support is presently non-existent when in a HA config.
> >>
> >> -Shaun
> >>
> >>
> >



More information about the ipv6-ops mailing list