Anyone else seeing IPv6 6rd tunnel failure?
I have been trying to get my Cisco 3825 router setup to support AT&T's 6rd tunnel offering for IPv6. I finally worked through my issues getting DMZ+ mode functioning on my 2Wire 3801 with my 3825. I have configured everything on my router to support 6rd. The tunnel shows that it is Up/Up. I am receiving the proper delegated /60 IPv6 prefix. I have 2000::/3 routed to the border relay anycast address. I have configured the local LAN interface for one of the /64 networks. My clients can reach/ping6 the router on both link-local and global unicast addresses and the tunnel interface but can go no further. I can not ping the Border Relay's IPv6 address from the router either. I have also disabled all of my security configs ACLs, CBAC, and ZBFW just to be sure it was not something simple breaking it.
So, I did some reading and debugging and found that the Zone Based Firewall does not support IPv6 until IOS version 15.2T. I'm still running 15.1(4) on it. I verified this when debugging and could see the traffic was getting dropped by the ZBFW output rules. So, I removed the interface configuration for ZBFW. I ran the debugs again just pinging the remote gateway and I can see the traffic is properly forwarding out the 6rd tunnel interface destined for the remote anycast address. However, I am getting no responses coming inbound. The only other thing I can do to debug is to try to capture on the LAN segment beyond my router and look at the IPv4 tunnel communication. Other than that, I am at a loss as to how to identify the root cause. This issue appears to be beyond my equipment.
Has anyone else seen this kind of failure with the 2Wire 3801? I got the new firmware update a few weeks ago.
Scott, CCIE #14618 Routing & Switching