Meraki MX DDNS IPV6 Client VPN access issues

Solved
CharlieCrackle
A model citizen

Meraki MX DDNS IPV6 Client VPN access issues

 

I know the MX does not support IPV6, but we have started to get a a lot of clients with this issues when connecting via L2TP to Meraki MX (client vpn)

 

The client connects to the Meraki DDNS name  and then can not establish VPN.

 

On pinging the Meraki DDNS name the IPV6 address is returned ??  Why ??

 

I then disable IPV6 on the interface connecting to the internet  and ping and I get the IPV4 address

 

Now the VPN works.

 

What has changed   does the DDNS name now support IPV6  ready for the MX64 to support it soon.

 

It is a real Pain and caused a lot of support issues with the VPN access

 

 

Anyone else having these issue recently ?

1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal

Assuming the MX is in NAT mode; you can't get an IPv6 IP address onto its WAN interface.  Since it can not get an IPv6 address it can not register such an address in DDNS.

 

So I'm going to guess the ISP the client is connecting from is running some kind of NAT64 gateway, allowing native IPv6 connectivity from the client to IPv4 addresses.  If this is the case DNS lookups for domains without an IPv6 address would return the IPv6 address of the NAT64 gateway.

 

L2TP over IPSec can not work through NAT64.

View solution in original post

2 Replies 2
PhilipDAth
Kind of a big deal
Kind of a big deal

Assuming the MX is in NAT mode; you can't get an IPv6 IP address onto its WAN interface.  Since it can not get an IPv6 address it can not register such an address in DDNS.

 

So I'm going to guess the ISP the client is connecting from is running some kind of NAT64 gateway, allowing native IPv6 connectivity from the client to IPv4 addresses.  If this is the case DNS lookups for domains without an IPv6 address would return the IPv6 address of the NAT64 gateway.

 

L2TP over IPSec can not work through NAT64.

CharlieCrackle
A model citizen

Yes Telstra is using NAT64 on this mobile phone tower. So all we need now is the MX to support IPv6 natively! 🙂
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels