New Contributor
•
1 Message
IPv6 Routing using Arris TG2472 modem (Cox Wireless modem) & Juniper SRX firewall
Hi All,
I was about to ask if anyone had this working, but figured it out and thought I'd share as this would be gold information for a few with the need.
I have a Juniper SRX240 setup behind the Arris TG2472 modem. The modem can do IPv6 and will pull an address using SLAAC.
Any, the Arris modem is using a link-local as the gateway. It says the link-local is FE80::226:99FF:FE89:EBD9.
On my juniper, I entered the command, 'set routing-options rib inet6.0 static route 0::/0 qualified-next-hop fe80::226:99ff:fe89:ebd9 interface ge-0/0/0.0'. This is the command required to enter a link-local as a next-hop (more or less gateway) for the firewall.
I tried to ping google v6 dns (2001:4860:4860::8888) and it didn’t work. I had a client plugged into the Arris modem as well as it was successful, so I checked the IPv6 neighbors on the windows client and didn’t see fe80::226:99ff:fe89:ebd9, but I did see fe80::3e7a:8aff:fefb:3609 (check output below) and more specifically, it is also a router. I changed the Juniper cmd to 'set routing-options rib inet6.0 static route 0::/0 qualified-next-hop fe80::3e7a:8aff:fefb:3609 interface ge-0/0/0.0' and viola….IPv6 Magic! So, I don’t even see the link-local that the Arris modem says it sees, but whatever…likely a bug. This is now working.
BTW, you get a /60, so I am testing using routed /64’s behind each other to see if that works. It should, but you never can tell with cheaper gear.
Happy routing!
C:\WINDOWS\system32>netsh interface ipv6 show neighbors
Interface 6: External (Note, this is what I named my NIC, yours will likely be Local Area Connection 1).
Internet Address Physical Address Type
-------------------------------------------- ----------------- -----------
2600:8801:9600:a60::27 64-87-88-4f-53-00 Reachable (Router)
2600:8801:9600:a60:dc0b:16ff:7396:46a3 30-f9-ed-b9-d5-ec Stale
fe80::2021:1669:3f57:ffe4 00-00-00-00-00-00 Unreachable
fe80::3987:e30a:9749:495f 00-00-00-00-00-00 Unreachable
fe80::3e7a:8aff:fefb:3609 3c-7a-8a-fb-36-09 Reachable (Router)
fe80::42b4:f003:e8f9:7f01 Unreachable Unreachable
fe80::59e4:f17b:7bc0:d5b7 08-3e-8e-c1-a9-1d Stale
fe80::6c9b:c68e:caa:d83f 30-f9-ed-b9-d5-ec Stale
fe80::d01d:4ba:5d4a:6273 00-00-00-00-00-00 Unreachable
Tecknowhelp
Valued Contributor II
•
2.8K Messages
9 years ago
If you even know what a Juniper firewall is, you shouldn't be using a gateway IMO. I would suggest getting a Netgear CM600 for internet and a DPQ3212 for phone (if required) and then test your firewall config direct to the CM600 modem.
PS. Are you calling the TG2472 a modem on purpose or accident? Nothing with more then 1 LAN port is a modem. Do you have something to use as a router?
0
0
zils72
New Contributor
•
1 Message
9 years ago
Do you know how to connect a Netgear CM600 modem along with the DPQ3212 so that my phone lines work thru the DPQ but my WiFi goes through the CM600? Tried to hook it up while on phone with COX tech but she couldn't get it to work for me. Any help you could provide would be GREATLY appreciated.
0
0
ChrisL
Former Moderator
•
7.1K Messages
9 years ago
You should be able to connect the Netgear to a working cable outlet and contact our technical support to move the data provisioning from the Cisco to the Netgear. This process is usually pretty simple unless the modem is associated with another account.
0
0