Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  IPv6 host address on Untrusted interface not pingable

    Posted 09-03-2009 17:24

    Well, now I tried setting up the public-facing interface (in zone untrusted) with an IPv6 host address:

     

    set interface "ethernet0/0" ipv6 mode "host"
    set interface "ethernet0/0" ipv6 interface-id 9254540000000131
    set interface "ethernet0/0" ipv6 ip 2607:f4b8:3:12:9254:5400:0:131/128
    set interface "ethernet0/0" ipv6 enable

     

    The public router on the same subnet is: 2607:f4b8:3:12:9254:5400:0:129

     

    I do not get a response back from:  ping6 -n 2607:f4b8:3:12:9254:5400:0:131

     

    PING 2607:f4b8:3:12:9254:5400:0:131(2607:f4b8:3:12:9254:5400:0:131) 56 data bytes
    From 2607:f4b8:3:12:9254:5400:0:129 icmp_seq=1 Destination unreachable: Address unreachable

     

    So what am I doing wrong?

     

    I do not have any IPv6 policies yet, but I should not need one, as the interface and the router are both in the same zone?

     



  • 2.  RE: IPv6 host address on Untrusted interface not pingable
    Best Answer

    Posted 09-03-2009 17:28

    Well forget this one...

     

    Again tripped up by how Redhat Linux does IPv6 static addresses in the ifcfg-eth0 file.  There you don't specify the length of the prefix, it just figures it out to be /64.

     

    Here on the netscreen, the prefix is meant to be the routing prefix, so I had to change it from /128 (thinking this was an address) to /64.

     

    And bingo, the ping6 responds.

     

    Sigh.

     

    Next I will have to make sure the routing is working internally...