[solved] SSL-VPN IPv6

Author
NKL
2014/05/13 07:24:49 (permalink)

For a testlab environment (FGT60D, OS 5.0.7), I want to set up an IPv6 SSL-VPN, but failed so far. Has anybody managed to set up an SSLVPN with full IPv6 support (IPv6-IP-Pools, tunneling/split-tunneling etc.)? The documentation on IPv6 or SSL VPN does not really give any substantial information or examples.

The GUI obviously only allows for IPv4 at "VPN -> SSL -> Portal/Config", even though the IPv6 feature is activated. But the CLI is not of much help either: trying to configure an ssl-portal with the widget setting "set ipv6-split-tunneling enable" results in this setting not even showing up in the config.

Can anyone point me to some documentation, examples or supply a config file? Thanks in advance.

EDIT:
So, it turns out that it works perfectly fine with just the setting "set split-tunneling" enabled. No need for "set ipv6-split-tunneling enable". Just add IPv6 pools to portal-config and ssl-settings via CLI, add IPv6 policies for SSL-VPN (via GUI) and you are good to go.
< Message edited by NKL -- 5/13/2014 7:59:12 AM >
#1


    emnoc
    RE: SSL-VPN IPv6 2014/05/13 07:59:36 (permalink)
    I'm really curious about this one myself. I opened a case with TAC about 6 months ago and got nowhere with them, and supposedly we have IPV6SSLVPN support.

    Even the Cisco ASA AnyConnect supports ipv6 in their implementation. If I ever get it working, I will post a thread on my blog. And to be clear on what I want to do:


    enable SSLVPN6 for native ipv6 clients

    enable SSLVPN6 for ipv4 that attaches via ipv4 to a FGT and get a tunnel-mode ipv6 address



    TAC was clueless and never provided me a working example. I figure it would be the same (as ipv4) but I ran into issues defining an ipv6-pool to the SSLvpn configuration fwiw.

    #2
    NKL
    RE: SSL-VPN IPv6 2014/05/13 08:17:04 (permalink)

    enable SSLVPN6 for ipv4 that attaches via ipv4 to a FGT and get a tunnel-mode ipv6 address

    TAC was clueless and never provided me a working example

    That would have been the second task on my list :-) No need to even try, then.
    #3
    ispcolohost
    Re: RE: SSL-VPN IPv6 2020/03/19 19:28:54 (permalink)
    NKL, on the off chance you're still around, could you post your config that got v6 tunneled over v4 forticlient ssl vpn? I'm having trouble determining a setup that assigns the forticlient on a v4-only system both addresses and tunnels the v6 over v4.
    #4
    NKL
    Re: RE: SSL-VPN IPv6 2020/03/20 10:55:22 (permalink)
    No, sorry. That’s too long ago and, as far as I remember, it never went live. At least, it is not in our current configs.
    #5