Support Center > Search Results > SecureKnowledge Details
How to enable IPv6 traffic through a VPN tunnel between R77 Security Gateway and R76 Security Gateway
Symptoms
  • When SecureXL is enabled on an R76 Security Gateway, a VPN tunnel between R76 Security Gateway and R77 Security Gateway cannot be established.

  • Debug of SecureXL (sim dbg -m vpn + vpn) on R76 Security Gateway shows:
    vpn_ipsec_decrypt: invalid next header 41;
    vpn_decrypt: IPSEC decryption failed;
Cause

In R76, SecureXL drops decrypted IPv6 packets when an ESP Next Header field contains a value other than "4" (which is the correct value for IPv4; default value in R76).

In R77, the default value in ESP Next Header field is set to "41" (which is the correct value for IPv6, as described in RFC4303).

Therefore, by default, R76 Security Gateway with enabled SecureXL will drop ESP packets from R77 Security Gateway.


Solution
Note: To view this solution you need to Sign In .