Existing IPv4 IPSec tunnel – how to add IPv6

miken32 · Sep 1, 2015, 5:43 PM

We have a Cisco ASA 5512 in our NOC and have a /48 from our provider. Remote offices have IPSec tunnels to the NOC with 192.168.x.x addressing. The remote offices do not have native IPv6 from their ISPs so I'd like to tunnel the IPv6 traffic back through the NOC.

I've gotten as far as adding a second IPv6 phase 2 to my existing tunnel. LAN addressing is set up just fine. How do I tell pfSense to route the traffic through the tunnel though?

jimp · Sep 2, 2015, 8:25 PM

IIRC this probably won't work.

First, it requires IKEv2 to be able to mix IPv4 and IPv6 on a single tunnel, but even then it may not function as expected. There are some issues with Cisco ASA and IKEv2 such as https://redmine.pfsense.org/issues/4704 that may also hold it back.

miken32 · Sep 3, 2015, 12:26 AM

Yes, I already worked around the multiple P2 issue with a config edit and both come up successfully.

Tomorrow I'm going to try setting the network on the ASA side of the IPv6 P2 to ::/0 instead of the LAN address…