Skip to main content
Cisco Meraki

IPv6 Support on MX Security & SD-WAN Platforms - VPN

VPN

Meraki AutoVPN

The MX is able to carry and route IPv6 and IPv4 traffic inside the AutoVPN tunnels, but leverages IPv4 to create the end-to-end tunnels themselves. Note that at this time, MXs cannot establish IPv6 AutoVPN tunnels.

Note:

  • Currently, only Local VLANs in Routed mode or Local Networks are currently supported for IPv6.  

  • Local Static routes cannot be advertised in VPN.

  • Since eBGP is not supported for IPv6, traffic routed across AutoVPN.  Traffic exiting at the hub will require an IPv6 route from the upstream gateway (including the spoke prefixes) pointed back to the hub MX, so the return traffic can be properly routed back to the spokes.

  • IPv6 full-tunnel support is not implemented at this time due to technical limitations. Hence, disable VPN mode for IPv6 enabled VLANs or disable IPv6 for VLANs which you wish to use IPv4 full-tunnel.

  • Browse to Security & SD-WAN > Site-to-site VPN page

  • Ensure MX is configured in the desired VPN mode (Off, Hub or Spoke)

    • If in spoke mode, remember to configure the appropriate hubs

  • Scroll down to the VPN Settings and Enable/Disable VPN mode for each VLAN as desired

  • Save the changes to apply the configuration

Note:

  • Currently eBGP is not supported for IPv6, as such an IPv6 peer cannot be configured at this time.

  • Browse to Security & SD-WAN > Site-to-site VPN page

    • Ensure MX is configured in the desired VPN mode (Hub or Spoke)

  • Scroll to the VPN Settings section > Local networks > Click “Add a local network”

    • Configure the desired IPv6 Prefixes (1 per entry) & click save to commit the changes

 

 

Refer to the main KB: IPv6 Support on MX Security & SD-WAN Platforms [Core Fundamentals]

  • Was this article helpful?