I'm looking for help in that I cannot ping anything on the internet via IPv6 from an internal IPv4/IPv6 VLAN segment. My VLAN.7 is configured with globally routable IPv6 and from it I can ping its /64 gateway, and my router's last hop before the ISP. From the SRX router I can ping everywhere IPv6, including my internal VLAN.7 IPv6 users, ISP, OPENDNS IPv6 etc. But alas, from that VLAN I cannot reach the internet IPv6.
My internal policies and zones are configured for ANY ANY PERMIT from my Internal Zone to Internet Zone.
Any help would be greatly appreciated. Thank you in advance!
From zone: Internal, To zone: Internet
  Policy: InternalTOInternet, State: enabled, Index: 21, Scope Policy: 0, Sequence number: 1
    Source addresses: any
    Destination addresses: any
    Applications: any
    Action: permit
Security zone: Internal
  Send reset for non-SYN session TCP packets: Off
  Policy configurable: Yes
  Interfaces bound: 10
  Interfaces:
    ge-0/0/2.0
    ge-0/0/4.0
    ge-0/0/5.0
    ge-0/0/6.0
    ge-0/0/7.0
    st0.1
    vlan.1
    vlan.2
    vlan.5
    vlan.7
inet6.0: 10 destinations, 12 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

::/0                          *[Static/5] 01:18:15
                              > to 2001:438:fffe::f69 via ge-0/0/0.0
2001:438:2d:10::/64           *[Direct/0] 01:18:15
                              > via vlan.7
2001:438:2d:10::1/128         *[Local/0] 01:18:32
                                Local via vlan.7
2001:438:2d:40::/64           *[Direct/0] 01:18:15
                              > via vlan.5
2001:438:2d:40::1/128         *[Local/0] 01:18:32
                                Local via vlan.5
2001:438:fffe::f68/126        *[Direct/0] 01:18:15
                              > via ge-0/0/0.0
2001:438:fffe::f6a/128        *[Local/0] 01:18:21
                                Local via ge-0/0/0.0
fe80::/64                     *[Direct/0] 01:18:15
                              > via ge-0/0/0.0
                               [Direct/0] 01:18:15
                              > via vlan.5
                               [Direct/0] 01:18:15
                              > via vlan.7
fe80::3e61:4ff:fe98:4440/128  *[Local/0] 01:18:21
                                Local via ge-0/0/0.0
fe80::3e61:4ff:fe98:4448/128  *[Local/0] 01:18:32
                                Local
Please check flow mode is enabled for IPv6 by using the command "show security flow status".
Hi Nellikka - Thank you for your reply. I do have IPv6 Flow enabled. I'm checking with the carrier/ISP to see if they have a static route back to me. 2001:438:002D::/48 to 2001:438:fffe::f6a/126. I don't think that they do at this point.
show security flow status
  Flow forwarding mode:
    Inet forwarding mode: flow based
    Inet6 forwarding mode: flow based
    MPLS forwarding mode: drop
    ISO forwarding mode: drop
  Flow trace status
    Flow tracing status: off
  Flow session distribution
    Distribution mode: RR-based
  Flow ipsec performance acceleration: off
  Flow packet ordering
    Ordering mode: Hardware
It turned out to be an issue with the carrier, as I had begun to suspect. They were missing a route to my assigned IPv6 addresses. Thank you for your time ALL.