How does one obtain an IPv6 DNS server when VPNing to an ASA?

Andrew Yourtchenko ayourtch at gmail.com
Sat May 15 04:20:43 CEST 2010


On Sat, May 15, 2010 at 2:35 AM,  <bmanning at vacation.karoshi.com> wrote:
>  many months ago, I asked for this DHCP feature to be supported in
> the IPv6 varient and was told that the IETF refused - hence ISC didn't build
> it into their product.  Phaugh on them - its open source!  So I built a
> server and client that talk IPv6 and support the usual/customary DHCP
> options over IPv6...  it has the unfortunate side effect of not being compatable
> with other DHCP servers or clients but does the job for me and my little
> piece of hell.  Should work anywhere DHCPv4 does though.

wget $ISC_TARBALL_URL
git init
git add .
git commit -m "initial commit"
[edit the files to add the magic]
git commit -m "cool things added"
[...add a repo on github...]
git remote add origin git at github.com:bmanning/mydhcpstuff.git
git push origin master

and post the url to the repo. Or something like that ?

Or is it too specific to your setup/$(L9_issues) to post it ?

cheers,
andrew

>
> --bill
>
>
> On Fri, May 14, 2010 at 10:53:16AM +0200, Andrew Yourtchenko wrote:
>> On Fri, May 14, 2010 at 7:53 AM, Ben Jencks <ben at bjencks.net> wrote:
>> > It's officially supported in 8.2.x, but there's apparently a nasty bug
>> > in at least the early versions where the "inactive" appliance still
>> > sends RAs despite not forwarding traffic. Be careful and test
>> > carefully. (I didn't experience this bug, we're still on 8.0, but I
>> > know someone who did)
>>
>> That bug was before 8.2.2 - where it started to be "officially"
>> supported (because of the necessary changes to the infrastructure that
>> alleviated this behaviour. It was more than just a bugfix, yes -
>> starting from 8.2.2 the stateful failover is possible)
>>
>> I did test it in 8.2.2, it worked all right. Don't use anything earlier.
>>
>> As for the original question - no; there's no DHCPv6.
>>
>> >From the config - since you give out both IPv4 and IPv6 - just
>> dual-stack the recursive DNS server, and use IPv4 towards the clients
>> ?
>>
>> Or you plan to get rid of IPv4 completely for those clients ?
>>
>> cheers,
>> andrew
>>
>> >
>> > WRT the original question: I assume you're using AnyConnect? If so, I
>> > can't help you, but if you've managed to get anything IPv6 to work
>> > with IPsec on the ASA, I'd like to hear about it.
>> >
>> > -Ben
>> >
>> > On Fri, May 14, 2010 at 01:11, Frank Bulk <frnkblk at iname.com> wrote:
>> >> I don't believe that's the case in a 8.2.x, look for "IPv6 Support in
>> >> Failover Configurations" in the following:
>> >> http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.htm
>> >> l#wp337399
>> >>
>> >> Frank
>> >>
>> >> -----Original Message-----
>> >> From: Shaun Ewing [mailto:s.ewing at aussiehq.com.au]
>> >> Sent: Friday, May 14, 2010 12:02 AM
>> >> To: Shane Kerr; frnkblk at iname.com
>> >> Cc: ipv6-ops at lists.cluenet.de
>> >> Subject: Re: How does one obtain an IPv6 DNS server when VPNing to an ASA?
>> >>
>> >> <snip>
>> >>
>> >> We have a lot of ASAs, but they're all in HA - and
>> >> anybody who has tried to do IPv6 on them knows (or should know) that IPv6
>> >> support is presently non-existent when in a HA config.
>> >>
>> >> -Shaun
>> >>
>> >>
>> >
>



More information about the ipv6-ops mailing list