Ticket ID: SIXXS #9358762
Ticket Status: User
PoP: nzwlg01 - Advanced Computer Solutions (ACSData) (Wellington)
New Tunnel has not come up - T122298
Hi There,
My new tunnel to nzwlg01 has not come up at all. Below are some diagnostics and the configuration of my static tunnel.
Thanks
user@HOST> ping 2001:4428:200:12b::1 source 2001:4428:200:12b::2
PING6(56=40+8+8 bytes) 2001:4428:200:12b::2 --> 2001:4428:200:12b::1
^C
--- 2001:4428:200:12b::1 ping6 statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
frizianz@FRIZIANZ-WINDERMERE-FW01> ping 202.21.136.122 source 203.86.203.0
PING 202.21.136.122 (202.21.136.122): 56 data bytes
64 bytes from 202.21.136.122: icmp_seq=0 ttl=57 time=16.451 ms
64 bytes from 202.21.136.122: icmp_seq=1 ttl=57 time=14.979 ms
64 bytes from 202.21.136.122: icmp_seq=2 ttl=57 time=14.541 ms
64 bytes from 202.21.136.122: icmp_seq=3 ttl=57 time=14.292 ms
^C
--- 202.21.136.122 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 14.292/15.066/16.451/0.837 ms
user@HOST> traceroute 202.21.136.122 source 203.86.203.0
traceroute to 202.21.136.122 (202.21.136.122) from 203.86.203.0, 30 hops max, 40 byte packets
1 20.17.69.111.static.snap.net.nz (111.69.17.20) 11.582 ms 9.865 ms 9.726 ms
2 24.17.69.111.static.snap.net.nz (111.69.17.24) 64.320 ms 60.199 ms 9.224 ms
3 * * *
4 snap.wix.net.nz (202.7.1.240) 14.866 ms 14.472 ms 15.575 ms
5 acsdata.wix.net.nz (202.7.0.245) 15.151 ms 15.194 ms 15.179 ms
6 ge0-2-3050-901.v4wlg2.acsdata.co.nz (114.110.34.235) 15.811 ms 14.997 ms 14.948 ms
7 vlan104.deputy-dog.acsdata.co.nz (114.110.32.90) 15.688 ms 15.266 ms 14.664 ms
8 vlan104.deputy-dog.acsdata.co.nz (114.110.32.90) 15.227 ms !X 15.373 ms !X 15.197 ms !X
user@HOST> show configuration interfaces ip-0/0/0 unit 2 | display set
set interfaces ip-0/0/0 unit 2 description "Tunnel to ACSData - SixXS"
set interfaces ip-0/0/0 unit 2 tunnel source 203.86.203.0
set interfaces ip-0/0/0 unit 2 tunnel destination 202.21.136.122
set interfaces ip-0/0/0 unit 2 family inet6 mtu 1280
set interfaces ip-0/0/0 unit 2 family inet6 address 2001:4428:200:12b::2/64
user@HOST>
New Tunnel has not come up - T122298
As you can see in the Live Tunnel Status, the PoP has it configured, as such the PoP side is ready.
user@HOST> ping 2001:4428:200:12b::1 source 2001:4428:200:12b::2
user@HOST> traceroute 202.21.136.122 source 203.86.203.0
Why do you have to select the source?
8 vlan104.deputy-dog.acsdata.co.nz (114.110.32.90) 15.227 ms !X 15.373 ms !X 15.197 ms !X
That is interesting though, would almost mean that the final destination cannot be reached, which is odd, though could just be a firewall (I'll ask ACSData about that).
From our side we also see a similar thing:
12 ADC-0003.asianetcom.net (202.147.41.206) 277.237 ms 274.790 ms 275.572 ms
13 ge0-0-801.v4wlg2.acsdata.co.nz (114.110.34.203) 287.769 ms 285.651 ms 285.366 ms
14 vlan104.deputy-dog.acsdata.co.nz (114.110.32.90) 284.607 ms 283.692 ms 284.939 ms
15 vlan104.deputy-dog.acsdata.co.nz (114.110.32.90) 284.662 ms !X 284.278 ms !X 283.513 ms !X
But IPv4 TCP/UDP is fully functional and a lot of other tunnels are marked as up, thus while odd I don't think this is a huge problem or the one causing your tunnel not to work.
Outbound traceroute toward you:
traceroute to 203.86.203.0 (203.86.203.0), 30 hops max, 60 byte packets
1 deputy-dog.wlg.acsdata.co.nz (202.21.136.65) 0.189 ms 0.154 ms 0.133 ms
2 ge0-0-104.v4wlg2.acsdata.co.nz (114.110.32.89) 0.540 ms 0.587 ms 0.574 ms
3 ge0-0-801.v4wlg0.acsdata.co.nz (114.110.34.201) 0.925 ms 0.915 ms 0.898 ms
4 snap.wix.net.nz (202.7.1.240) 12.086 ms 12.079 ms 12.063 ms
5 * * *
6 24.17.69.111.static.snap.net.nz (111.69.17.24) 5.940 ms 5.938 ms 5.918 ms
7 25.17.69.111.static.snap.net.nz (111.69.17.25) 24.774 ms 24.465 ms 24.058 ms
8 * * *
9 * * *
Could it be that your endpoint is firewalled or routing packets back in the wrong way or so?
Don't forget to check protocol 41...
user@HOST> show configuration interfaces ip-0/0/0 unit 2 | display set
While configuration is one thing, can you show the actual interface details and routing tables instead?
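What "check protocol 41" refers to, as an added example that is not part of the ticket or of SixXS's own code: a static 6in4 tunnel carries each IPv6 packet directly inside an IPv4 packet whose protocol field is 41, so a filter that permits only ICMP, TCP and UDP passes the IPv4 pings shown earlier while dropping the tunnel traffic. The packet bytes are constructed from the addresses in this ticket, and the function names are hypothetical.

```python
import ipaddress
import struct

PROTO_6IN4 = 41  # IANA protocol number for IPv6 encapsulated in IPv4

def build_6in4(outer_src, outer_dst, inner_src, inner_dst, payload=b""):
    """Constructed sample packet: IPv6 header + payload inside a 20-byte IPv4 header."""
    # IPv6 header: version 6, payload length, next header 58 (ICMPv6), hop limit 64
    inner = struct.pack("!IHBB", 6 << 28, len(payload), 58, 64)
    inner += ipaddress.IPv6Address(inner_src).packed
    inner += ipaddress.IPv6Address(inner_dst).packed + payload
    # IPv4 header: DF set, TTL 64, protocol 41; checksum left 0 (sample is only parsed)
    outer = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(inner), 0, 0x4000,
                        64, PROTO_6IN4, 0,
                        ipaddress.IPv4Address(outer_src).packed,
                        ipaddress.IPv4Address(outer_dst).packed)
    return outer + inner

def classify(packet):
    """Return the fields a packet filter has to match on for this IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    info = {"outer_src": str(ipaddress.IPv4Address(packet[12:16])),
            "outer_dst": str(ipaddress.IPv4Address(packet[16:20])),
            "protocol": packet[9], "is_6in4": False}
    inner = packet[ihl:]
    if packet[9] == PROTO_6IN4 and len(inner) >= 40 and inner[0] >> 4 == 6:
        info.update(is_6in4=True,
                    inner_src=str(ipaddress.IPv6Address(inner[8:24])),
                    inner_dst=str(ipaddress.IPv6Address(inner[24:40])))
    return info

def permitted(packet, allowed_protocols):
    """Model of a filter that matches only on the IPv4 protocol number."""
    return classify(packet)["protocol"] in allowed_protocols

# Constructed: an ICMPv6 echo reply (type 129, checksum unset) from the PoP side
SAMPLE = build_6in4("202.21.136.122", "203.86.203.0",
                    "2001:4428:200:12b::1", "2001:4428:200:12b::2",
                    payload=b"\x81\x00\x00\x00\x00\x01\x00\x01")

if __name__ == "__main__":
    print(classify(SAMPLE))
    print("ICMP/TCP/UDP only:", permitted(SAMPLE, {1, 6, 17}))
    print("with protocol 41: ", permitted(SAMPLE, {1, 6, 17, 41}))
```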
New Tunnel has not come up - T122298
Here is the routing table as requested:
user@HOST> show route table inet6
inet6.0: 10 destinations, 12 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
::/0 *[Static/5] 21:43:17
> to 2001:4428:200:12b::1 via ip-0/0/0.2
2001:4428:200:12b::/64
*[Direct/0] 21:43:17
> via ip-0/0/0.2
2001:4428:200:12b::2/128
*[Local/0] 21:43:17
Local via ip-0/0/0.2
2001:4428:200:812b::/64
*[Direct/0] 4d 06:38:06
> via vlan.100
2001:4428:200:812b::1/128
*[Local/0] 4d 06:38:23
Local via vlan.100
fe80::/64 *[Direct/0] 4d 06:38:06
> via vlan.100
[Direct/0] 4d 06:35:09
> via at-1/0/0.0
[Direct/0] 21:43:17
> via ip-0/0/0.2
fe80::42b4:f000:51:4740/128
*[Local/0] 4d 06:38:14
Local via ip-0/0/0.2
fe80::42b4:f00f:fc51:4740/128
*[Direct/0] 4d 06:38:44
> via lo0.0
fe80::42b4:f010:51:4740/128
*[Local/0] 4d 06:37:50
Local via at-1/0/0.0
fe80::42b4:f0ff:fe51:4748/128
*[Local/0] 4d 06:38:23
Local via vlan.100
user@HOST>
Simply I need to specify the source as it is a security device so it needs a source so it can apply policies to it. Also for the fact that regardless of routing tables you should always be able to ping directly connected networks :)
Here is the show interface of the tunnel. As you will see I'm not receiving any input packets.
user@HOST> show interfaces ip-0/0/0.2 extensive
Logical interface ip-0/0/0.2 (Index 93) (SNMP ifIndex 553) (Generation 164)
Description: Tunnel to ACSData - SixXS
Flags: Point-To-Point SNMP-Traps 0x0 IP-Header 202.21.136.122:203.86.203.0:4:df:64:00000000 Encapsulation: IPIP-NULL
Traffic statistics:
Input bytes : 0
Output bytes : 5992
Input packets: 0
Output packets: 78
Local statistics:
Input bytes : 0
Output bytes : 5992
Input packets: 0
Output packets: 78
Transit statistics:
Input bytes : 0 0 bps
Output bytes : 0 0 bps
Input packets: 0 0 pps
Output packets: 0 0 pps
Security: Zone: InternetCombined
Allowed host-inbound traffic : ike ping snmp ssh traceroute
Flow Statistics :
Flow Input statistics :
Self packets : 0
ICMP packets : 0
VPN packets : 0
Multicast packets : 0
Bytes permitted by policy : 0
Connections established : 0
Flow Output statistics:
Multicast packets : 0
Bytes permitted by policy : 4144
Flow error statistics (Packets dropped due to):
Address spoofing: 0
Authentication failed: 0
Incoming NAT errors: 0
Invalid zone received packet: 0
Multiple user authentications: 0
Multiple incoming NAT: 0
No parent for a gate: 0
No one interested in self packets: 0
No minor session: 0
No more sessions: 0
No NAT gate: 0
No route present: 0
No SA for incoming SPI: 0
No tunnel found: 0
No session for a gate: 0
No zone or NULL zone binding 0
Policy denied: 0
Security association not active: 0
TCP sequence number out of window: 0
Syn-attack protection: 0
User authentication errors: 0
Protocol inet6, MTU: 1280, Generation: 181, Route table: 0
Flags: User-MTU
Addresses, Flags: Is-Preferred Is-Primary
Destination: 2001:4428:200:12b::/64, Local: 2001:4428:200:12b::2
Generation: 199
Addresses, Flags: Is-Preferred
Destination: fe80::/64, Local: fe80::42b4:f000:51:4740
Generation: 200
user@HOST>
New Tunnel has not come up - T122298
Simply I need to specify the source as it is a security device so it needs a source so it can apply policies to it. Also for the fact that regardless of routing tables you should always be able to ping directly connected networks :)
A device that routes is a device that routes, it will be able to select the proper source IP.
As you mention 'security device' though, please see my note about checking your firewall...