Cisco IOS tunnel traffic not reaching POP
Carmen Sandiego on Monday, 05 October 2015 07:28:26
Hello,
I have been trying to get the tunnel to pass traffic for a number of days without success and I need some help as I've run out of ideas of things to try.
I've created the tunnel on a Cisco 2851 with 15.0(1)M9 and tried it with 15.1(4)M9 too. I can see traffic inbound to the tunnel interface and I can see traffic going out, but I never seem to receive a ping response, as if it's getting dropped in the path towards the POP.
The tunnel shows as down on the status page:
Tunnel Information for T170645
The configuration for this tunnel looks like:
Tunnel Name: My First Tunnel
PoP Name: gblon03
PoP Location: London, United Kingdom (Great Britain)
PoP IPv4: 212.113.147.150
TIC Server: tic.sixxs.net (default in AICCU)
Your Location: ***, United Kingdom (Great Britain)
Your IPv4: Static, currently 77.86.*.*
IPv6 Prefix: xxxx:xxxx:xxxx:xxxx::1/64
PoP IPv6: xxxx:xxxx:xxxx:xxxx::1
Your IPv6: xxxx:xxxx:xxxx:xxxx::2
Created: 2015-09-28 07:01:49 UTC
Last Alive: never
Last Dead: 2015-10-04 01:15:01 UTC
Uptime: 0 days (based on latency check)
Config State: Enabled
PoP Status: Live Tunnel Status on the PoP
Ping and traceroute to the POP; please note my ISP is using RFC1918 IP addresses on their core (naughty), but my router has a public IP address with no NAT before it:
Type escape sequence to abort.
Sending 5, 1492-byte ICMP Echos to 212.113.147.150, timeout is 2 seconds:
Packet sent with the DF bit set
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/25/28 ms
Type escape sequence to abort.
Tracing the route to 212.113.147.150
1 10.55.212.42 8 msec 4 msec 8 msec
2 10.55.213.41 4 msec 4 msec 4 msec
3 5.57.80.211 12 msec 16 msec 12 msec
4 89.145.125.38 12 msec 12 msec 12 msec
5 89.145.125.78 16 msec 16 msec 12 msec
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
Interface, firewall and routing configuration:
!
ipv6 inspect name FIREWALL-V6 tcp
ipv6 inspect name FIREWALL-V6 udp
ipv6 inspect name FIREWALL-V6 ftp
ipv6 inspect name FIREWALL-V6 icmp
!
interface Loopback64
no ip address
ipv6 address xxxx:xxxx:xxxx:xxxx::1/64
ipv6 enable
!
interface Tunnel64
description IPv6 uplink to SixXS
no ip address
ip mtu 1280
ipv6 address xxxx:xxxx:xxxx:xxxx::2/64
ipv6 enable
ipv6 mtu 1280
ipv6 inspect FIREWALL-V6 out
ipv6 traffic-filter V6-FILTER in
tunnel source Dialer1
tunnel mode ipv6ip
tunnel destination 212.113.147.150
!
ipv6 route ::/0 Tunnel64
!
ipv6 access-list V6-FILTER
permit icmp any any
deny ipv6 any any log
!
The firewall rules show hits for inbound connections using protocol 41 from the POP IP address:
10 permit udp any eq bootps any eq bootpc
20 permit icmp any host 77.86.*.* echo (8 matches)
30 permit icmp any host 77.86.*.* echo-reply
40 permit icmp any host 77.86.*.* source-quench
50 permit icmp any host 77.86.*.* traceroute
60 permit icmp any host 77.86.*.* packet-too-big
70 permit icmp any host 77.86.*.* time-exceeded (13 matches)
80 permit udp any host 77.86.*.* eq 51413 (702 matches)
90 permit tcp any host 77.86.*.* eq 51413 (75273 matches)
100 permit udp any host 77.86.*.* eq isakmp
110 permit udp any host 77.86.*.* eq non500-isakmp
120 permit tcp any host 77.86.*.* eq 443
130 permit udp any host 77.86.*.* eq 443
140 permit tcp any host 77.86.*.* eq 55055
150 permit tcp host 77.86.33.155 host 77.86.*.* eq 16003
160 permit 41 host 212.113.147.150 host 77.86.*.* (100 matches)
170 permit esp host 87.117.229.90 host 77.86.*.*
180 deny ip any any log (2748 matches)
Here are the tunnel interfaces:
Tunnel64 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::4D56:6042
No Virtual link-local address(es):
Description: IPv6 uplink to SixXS
Global unicast address(es):
xxxx:xxxx:xxxx:xxxx::2, subnet is xxxx:xxxx:xxxx:xxxx::/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:xxxx:2
FF02::1:xxx:xxxx
MTU is 1280 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
Input features: Common pak subblock Access List
Output features: Firewall Inspection
Inbound access list V6-FILTER
Outbound Inspection Rule FIREWALL-V6
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
Hosts use stateless autoconfig for addresses.
!
Tunnel64 is up, line protocol is up
Hardware is Tunnel
Description: IPv6 uplink to SixXS
MTU 17920 bytes, BW 100 Kbit/sec, DLY 50000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 77.86.*.* (Dialer1), destination 212.113.147.150
Tunnel Subblocks:
src-track:
Tunnel64 source tracking subblock associated with Dialer1
Set of tunnels with source Dialer1, 1 member (includes iterators), on interface <OK>
Tunnel protocol/transport IPv6/IP
Tunnel TTL 255
Tunnel transport MTU 1472 bytes
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Last input 00:00:22, output 00:00:22, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
38 packets input, 41458 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
86 packets output, 44974 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
Debug output shows a ping reaching the tunnel interface and a response being sent back:
000561: Oct 4 16:06:00.247 UTC: Tunnel64: IPv6/IP to classify 212.113.147.150->77.86.*.* (tbl=0,"default" len=1049 ttl=57 tos=0x0) ok, oce_rc=0x0
000562: Oct 4 16:06:00.247 UTC: Tunnel64: IPv6/IP (PS) to decaps 212.113.147.150->77.86.*.* (tbl=0, "default", len=1049, ttl=57)
000563: Oct 4 16:06:00.247 UTC: Tunnel64: decapsulated IPv6/IP packet (len 1049)
000564: Oct 4 16:06:00.247 UTC: IPv6-Fwd: Destination lookup for xxxx:xxxx:xxxx:xxxx::2 : Local, i/f=Tunnel64, nexthop=xxxx:xxxx:xxxx:xxxx::2
000565: Oct 4 16:06:00.247 UTC: IPV6: source xxxx:xxxx:xxxx:xxxx::1 (Tunnel64)
000566: Oct 4 16:06:00.247 UTC: dest xxxx:xxxx:xxxx:xxxx::2 (Tunnel64)
000567: Oct 4 16:06:00.247 UTC: traffic class 0, flow 0x0, len 1029+20, prot 58, hops 64, forward to ulp
000568: Oct 4 16:06:00.247 UTC: IPv6-Fwd: Destination lookup for xxxx:xxxx:xxxx:xxxx::1 : i/f=Tunnel64, nexthop=xxxx:xxxx:xxxx:xxxx::1
000569: Oct 4 16:06:00.247 UTC: IPV6: source xxxx:xxxx:xxxx:xxxx::2 (local)
000570: Oct 4 16:06:00.247 UTC: dest xxxx:xxxx:xxxx:xxxx::1 (Tunnel64)
000571: Oct 4 16:06:00.247 UTC: traffic class 0, flow 0x0, len 1029+0, prot 58, hops 64, originating
000572: Oct 4 16:06:00.247 UTC: IPv6-Fwd: Sending on Tunnel64
000573: Oct 4 16:06:00.247 UTC: Tunnel64: IPv6/IP encapsulated 77.86.*.*->212.113.147.150 (linktype=79, len=1049)
000574: Oct 4 16:06:00.247 UTC: Tunnel64 count tx, adding 20 encap bytes
Debug output shows a ping to Google's DNS servers going out but no response back:
000492: Oct 4 16:04:37.638 UTC: IPv6-Sas: SAS on intf Loopback64 picked source xxxx:xxxx:xxxx:xxxx::1 for 2001:4860:4860::8888
000493: Oct 4 16:04:37.638 UTC: IPv6-Fwd: Destination lookup for 2001:4860:4860::8888 : i/f=Tunnel64, nexthop=2001:4860:4860::8888
000494: Oct 4 16:04:37.642 UTC: IPV6: source xxxx:xxxx:xxxx:xxxx::1 (local)
000495: Oct 4 16:04:37.642 UTC: dest 2001:4860:4860::8888 (Tunnel64)
000496: Oct 4 16:04:37.642 UTC: traffic class 0, flow 0x0, len 100+0, prot 58, hops 64, originating
000497: Oct 4 16:04:37.642 UTC: IPv6-Fwd: Sending on Tunnel64
000498: Oct 4 16:04:37.642 UTC: Tunnel64: IPv6/IP encapsulated 77.86.*.*->212.113.147.150 (linktype=79, len=120)
000499: Oct 4 16:04:37.642 UTC: Tunnel64 count tx, adding 20 encap bytes.
000500: Oct 4 16:04:39.030 UTC: %SEC-6-IPACCESSLOGDP: list OUTSIDE-IN denied icmp 46.107.230.162 -> 77.86.*.* (3/3), 1 packet
000501: Oct 4 16:04:39.642 UTC: IPv6-Fwd: Destination lookup for 2001:4860:4860::8888 : i/f=Tunnel64, nexthop=2001:4860:4860::8888
000502: Oct 4 16:04:39.642 UTC: IPV6: source xxxx:xxxx:xxxx:xxxx::1 (local)
000503: Oct 4 16:04:39.642 UTC: dest 2001:4860:4860::8888 (Tunnel64)
000504: Oct 4 16:04:39.642 UTC: traffic class 0, flow 0x0, len 100+0, prot 58, hops 64, originating
000505: Oct 4 16:04:39.642 UTC: IPv6-Fwd: Sending on Tunnel64
000506: Oct 4 16:04:39.642 UTC: Tunnel64: IPv6/IP encapsulated 77.86.*.*->212.113.147.150 (linktype=79, len=120)
000507: Oct 4 16:04:39.642 UTC: Tunnel64 count tx, adding 20 encap bytes.
000508: Oct 4 16:04:41.358 UTC: %SEC-6-IPACCESSLOGP: list OUTSIDE-IN denied udp 188.32.30.102(6881) -> 77.86.*.*(54534), 1 packet
000509: Oct 4 16:04:41.642 UTC: IPv6-Fwd: Destination lookup for 2001:4860:4860::8888 : i/f=Tunnel64, nexthop=2001:4860:4860::8888
000510: Oct 4 16:04:41.642 UTC: IPV6: source xxxx:xxxx:xxxx:xxxx::1 (local)
000511: Oct 4 16:04:41.642 UTC: dest 2001:4860:4860::8888 (Tunnel64)
000512: Oct 4 16:04:41.642 UTC: traffic class 0, flow 0x0, len 100+0, prot 58, hops 64, originating
000513: Oct 4 16:04:41.642 UTC: IPv6-Fwd: Sending on Tunnel64
000514: Oct 4 16:04:41.642 UTC: Tunnel64: IPv6/IP encapsulated 77.86.*.*->212.113.147.150 (linktype=79, len=120)
000515: Oct 4 16:04:41.642 UTC: Tunnel64 count tx, adding 20 encap bytes.
000516: Oct 4 16:04:43.642 UTC: IPv6-Fwd: Destination lookup for 2001:4860:4860::8888 : i/f=Tunnel64, nexthop=2001:4860:4860::8888
000517: Oct 4 16:04:43.642 UTC: IPV6: source xxxx:xxxx:xxxx:xxxx::1 (local)
000518: Oct 4 16:04:43.642 UTC: dest 2001:4860:4860::8888 (Tunnel64)
000519: Oct 4 16:04:43.642 UTC: traffic class 0, flow 0x0, len 100+0, prot 58, hops 64, originating
000520: Oct 4 16:04:43.642 UTC: IPv6-Fwd: Sending on Tunnel64
000521: Oct 4 16:04:43.642 UTC: Tunnel64: IPv6/IP encapsulated 77.86.*.*->212.113.147.150 (linktype=79, len=120)
000522: Oct 4 16:04:43.642 UTC: Tunnel64 count tx, adding 20 encap bytes.
000523: Oct 4 16:04:45.642 UTC: IPv6-Fwd: Destination lookup for 2001:4860:4860::8888 : i/f=Tunnel64, nexthop=2001:4860:4860::8888
000524: Oct 4 16:04:45.642 UTC: IPV6: source xxxx:xxxx:xxxx:xxxx::1 (local)
000525: Oct 4 16:04:45.642 UTC: dest 2001:4860:4860::8888 (Tunnel64)
000526: Oct 4 16:04:45.642 UTC: traffic class 0, flow 0x0, len 100+0, prot 58, hops 64, originating
000527: Oct 4 16:04:45.642 UTC: IPv6-Fwd: Sending on Tunnel64
000528: Oct 4 16:04:45.642 UTC: Tunnel64: IPv6/IP encapsulated 77.86.*.*->212.113.147.150 (linktype=79, len=120)
000529: Oct 4 16:04:45.642 UTC: Tunnel64 count tx, adding 20 encap bytes.
Cisco IOS tunnel traffic not reaching POP
Carmen Sandiego on Monday, 05 October 2015 20:28:25
Hello,
I managed to get this working; it would appear the NAT policy for outbound traffic was too open. When I specified the internal networks, everything kicked into life.
Just in case anyone else has the same problem.
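As an added illustration of the fix described in the reply above (not the poster's own configuration, which the thread does not show), here is an overly broad NAT access list beside a scoped one on a Cisco IOS router with the Dialer1 and Tunnel64 names from the post. The inside LAN 192.168.1.0/24, the LAN interface GigabitEthernet0/0 and the ACL names are assumptions.

```cisco
! Added example, not from the original post. Assumptions: inside LAN is
! 192.168.1.0/24 on GigabitEthernet0/0; ACL names are made up here.
!
! --- Too open: any source is a NAT candidate, so the router's own
! --- protocol-41 packets (77.86.*.* -> 212.113.147.150) leaving
! --- Dialer1 can be caught by the overload translation.
ip access-list extended NAT-INSIDE-OPEN
 permit ip any any
!
! --- Scoped: only the internal networks are translated; the tunnel
! --- encapsulation sourced from the Dialer1 address is left alone.
ip access-list extended NAT-INSIDE
 permit ip 192.168.1.0 0.0.0.255 any
 deny   ip any any
!
! Bind the scoped list (not NAT-INSIDE-OPEN) to the overload rule.
ip nat inside source list NAT-INSIDE interface Dialer1 overload
!
interface GigabitEthernet0/0
 description inside LAN (assumed)
 ip nat inside
!
interface Dialer1
 ip nat outside
!
! Checks after the change: the scoped list should only accumulate hits
! from 192.168.1.0/24, and Tunnel64 input counters should start rising
! once replies come back through the PoP.
! show access-lists NAT-INSIDE
! show interfaces Tunnel64 | include packets input
```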