
Need to pass IPv6 Connectivity to a VLAN, many VMs need to be reachable from the Internet on port 161

I see an IPv6 address on my WAN port, but none on any of my configured VLANs or Interfaces.


I'm guessing I need to configure IPv6 Router Advertisements, but when I click it doesn't have an interface

I'm not sure how to open this port up for these devices



  • Hi,

    The XG does not propagate IPv6 addresses. You need to set up your own internal address ranges and do not forget to use a NAT. You can use RA or DHCP or both. If you use RA you will end up with multiple IPv6 addresses on devices, so you will need to work out how your filtering rules will apply to specific devices or the entire IPv6 range.

    I use DHCP and RA, with some of the RA features disabled so only one address is assigned.

    ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Do you know why there are no interfaces available in my screenshot?


    Thanks,

    Josh

  • Hi,

    Because you have not created an IPv6 interface on any of your ports.

    ian


  • Cool. Yes I see that now. So the solution is to make some sort of internal IPv6 address scheme on the interfaces and VLANs. Then configure DHCP and an RA, NAT, and a firewall rule?

  • Correct.

    ian


  • I just don't think this is going to work. Basically I have a bunch of virtual routers sitting in a VLAN, on the LAN side of the firewall. These virtual routers need to receive polls from "kentik.com" via a few different ports. (161 for instance)

    If I am using DNAT, I have one IP address on the WAN that Kentik can poll to. So Kentik says poll SNMPv3 on "MY IPv6 Address:161" and that maps to ONE of the virtual routers.

    I still have a large number of virtual routers that aren't reachable, and to my knowledge Kentik does not let me choose other ports for which to poll each individual router.

    That's why I was trying not to use NAT.

  • Hi,

    IPv6 on an XG (current version) requires a NAT to access the internet. You could try setting up aliases on the WAN port using the IPv6 range assigned to you.

    Ian


  • rfcat_vk,

    I have created new aliases on the WAN port. I can access them from the Internet, I can imagine this working with a 1:1 DNAT based. Could there also be a 1:many scenario that could work in my situation?

    Thanks for your help,

    Josh

  • Hi Josh,

    I don’t know; you can experiment while waiting for one of the Sophos support team to review the thread and add some extra information.

    ian
