Hi All,
I have been thinking of getting a new “small” router at home to get IPv6 running and working together with my firewall. I’m currently building the following configuration and still need to test it, but it looks promising. Once it is working I will put up a revised version here with everything that is required.
Update 26-03-2014: revised configuration.
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname <yourhostname>
!
enable secret <your secret Password>
!
no aaa new-model
memory-size iomem 10
!
no ip domain lookup
ip cef
ipv6 unicast-routing
ipv6 cef
! DHCPv6 pool that only hands out the DNS server (used with other-config-flag on Vlan1)
ipv6 dhcp pool ipv6_inside
 dns-server <single ipv6 dns server>
!
controller VDSL 0
!
interface Ethernet0
 no ip address
!
! WAN side: PPPoE client on VLAN 6, bound to dialer pool 1
interface Ethernet0.1
 encapsulation dot1Q 6
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
!
interface FastEthernet0
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
! LAN side: both filters are applied "out", i.e. to traffic leaving the router towards the LAN
interface Vlan1
 ip address <internal IP> <internal subnetmask>
 ip access-group <ipv4 address list> out
 ip nat inside
 ip virtual-reassembly in
 no autostate
 ipv6 address <public router ipv6 address>
 ipv6 enable
 ipv6 nd other-config-flag
 ipv6 nd ra interval 30
 ipv6 dhcp server ipv6_inside rapid-commit
 ipv6 mld query-interval 60
 ipv6 traffic-filter <ipv6 address list> out
!
interface Dialer0
 mtu 1492
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0
 dialer-group 1
 ipv6 unnumbered vlan1
 ipv6 enable
 ipv6 nd ra interval 30
 ipv6 mld query-interval 60
 ipv6 virtual-reassembly in
 ppp authentication pap callin
 ppp pap sent-username <ppp username> password <ppp password>
 no cdp enable
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 101 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip access-list extended access-list-ipv4
 permit tcp any any established
 permit tcp any host <ASA ipv4 addr> eq 443
 permit icmp any any echo-reply
 permit icmp any any time-exceeded
 permit icmp any any unreachable
 permit icmp any any packet-too-big
 permit icmp any any parameter-problem
 permit icmp any any echo
!
access-list 23 permit <ipv4 allow network / ip for telnet>
access-list 101 remark ==== LAN network ====
access-list 101 permit ip <local network> <network address> any
dialer-list 1 protocol ip permit
no cdp run
ipv6 route ::/0 Dialer0
!
ipv6 access-list access-list-ipv6
 permit ipv6 any FF02::/16
 permit ipv6 any FF0E::/16
 deny ipv6 any FEC0::/10
 deny ipv6 any FF00::/8
 permit tcp any any established
 permit icmp any any echo-reply
 permit icmp any any time-exceeded
 permit icmp any any unreachable
 permit icmp any any echo-request
 permit icmp any any packet-too-big
 permit icmp any any parameter-problem
 permit tcp any host <ASA ipv6 addr> eq 443
 remark permit all traffic - make sure you have a correct firewall on the computer
 permit ipv6 any any
!
ipv6 access-list Telnet-netwerk-ipv6
 permit ipv6 <allow ipv6 telnet locations>
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 password <telnet password>
 ipv6 access-class Telnet-netwerk-ipv6 in
 login
 transport input all
!