Amer Networks E5Web GUI User Manual

First, change the CLI context to be the main routing table:

Device:/> cc RoutingTable main

Add the IPv6 route:

Device:/main> add Route6 Network=my_ipv6_net

Interface=If1
ProxyNDInterfaces=If3

Lastly, return to the default CLI context:

Device:/main> cc
Device:/>

InControl

Follow the same steps used for the Web Interface below.

Web Interface

1.

Go to: Network > Routing > Routing Tables > main > Add > RouteIPv6

2.

Now enter:

•

Interface: If1

•

Network: my_ipv6_net

3.

Go to: Proxy ND and move the interface If3 from Available to Selected

4.

Click OK

Troubleshooting IPv6 with ICMP Ping

The CLI command ping can be used for both IPv4 and IPv6 addresses. For example:

Device:/> ping 2001:DB8::2

This provides the means to determine if an IPv6 host is reachable and responding.

Ping can also be initiated in the Web Interface by going to: Status > Tools > Ping.

Outgoing ICMP messages from the security gateway do not require an IP rule which allows them
since the gateway is trusted. However, if the security gateway is to be pinged by an external host
then an IP rule or IP policy must be set up to allow this, just as it is needed for IPv4. Such an IP
rule or policy would use the predefined Service object called ping6-inbound The service object
called all_icmpv6 covers all IPv6 ICMP messages except mobile ICMP messages.

An appropriate IP rule to allow cOS Core to respond to IPv6 ping messages would be the
following:

Action

Source
Interface

Source
Network

Destination
Interface

Destination
Network

Service

Allow

wan

all-nets6

core

wan_ip6

ping6-inbound

Chapter 3: Fundamentals

139