For the purposes of this example I am configuring an IPv6 network between one of my PC NICs and the SRX interface fe-0/0/1. As this is considered a private network I will be following RFC4193.
I am using the website http://www.sixxs.net/tools/grh/ula/ in order to generate an IPv6 Unique Local Address (ULA)
The assigned IPv6 address space I will be using is fd13:17d7:1ad6::/48
I will be using fd13:17d7:1ad6::1/48 for my local PC and fd13:17d7:1ad6::2/48 for the SRX. As my test PC is running Windows XP I had to start by installing the IPv6 stack and then configure my NIC using Netsh:
netsh interface ipv6>add address "Local Area Connection" fd13:17d7:1ad6::1
netsh interface ipv6>add route fd13:17d7:1ad6::/48 "Local Area Connection"
We now need to configure the SRX. As mentioned the configuration is on the fe-0/0/1 interface
root@host# set interfaces fe-0/0/1 unit 0 family inet6 address fd13:17d7:1ad6::2/48
At this point I have set up the addressing correctly however I will not be able to ping the SRX from my test PC as by default the SRX series or J series devices drops IPv6 traffic. To enable processing of IPv6 via zones, screens and policies I must enable flow-based forwarding for IPv6 traffic.
root@host# set security forwarding-options family inet6 mode packet-based
Once done I can confirm connectivity
Hi ,
ReplyDeleteThanks for this post. I was looking for similar configuration.
I have question here, For V6 to work we should run the SRX in flow-based mode?
In your article you said should configure as flow-based but the cli you have mentioned is packet-based.
could you clarify?