IPV6
Internet Protocol Version 6
Male IT Specialist Holds Laptop and Discusses Work with Female Server Technician. They're Standing in Data Center, Rack Server Cabinet is Open.
Highlighted
New Member

Cant get Comcast IPv6 to work through Zyxel WyWALL 110 Firewall

I am trying to enable IPV6 through my ZyWall 110 with my ISP (comcast). If I connect directly to the comcast router the IPV6 works, however, through the firewall it doesn't work.

Here is the dedicated information I have been provided by Comcast:
Static IPv6 Information: 2603:3001:390b:6d00::/56
Static IP Range: 96.93.179.209 - 96.93.179.221
CIDR Block Number: 96.93.179.208/28
Gateway IP Address: 96.93.179.222
Subnet Mask IP Address: 255.255.255.240

I followed the instructions located here, but to no avail:
https://kb.zyxel.com/KB/searchArticle!viewDetail.action?articleOid=015534&lang=EN
and tried http://forums.xfinity.com/t5/Your-Home-Network/ZyXel-USG50-IPV6/td-p/1997983

 

You can see the wan configuration here:
wan.png

 

You can see the lan configuration here:
lan.png

 

When ssh'd into the router this is what I see:
router-routes.png

 

 

Then I ping google and it works:
Router> ping6 ipv6.google.com
PING ipv6.google.com(2607:f8b0:4002:802::200e) 56 data bytes
64 bytes from 2607:f8b0:4002:802::200e: icmp_seq=1 ttl=55 time=49.0 ms
64 bytes from 2607:f8b0:4002:802::200e: icmp_seq=2 ttl=55 time=28.7 ms
64 bytes from 2607:f8b0:4002:802::200e: icmp_seq=3 ttl=55 time=27.0 ms

--- ipv6.google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 27.082/34.962/49.024/9.967 ms

 

Then I connect my pc to the LAN port (ie DPFW1) and here is my setup:
local-ip.png

 

 

And here is my routing table:
local-routing.png


But when I test pinging google, it does not work. I can ping the LAN (DPFW1 Interface) but not WAN (xfinity) interface:
local-pings.png

 

 

0 Kudos
4 REPLIES 4
Highlighted
Respected Member

Re: Cant get Comcast IPv6 to work through Zyxel WyWALL 110 Firewall

Hello digitalpioneers and welcome to forums,

 

I apologize for the delayed response to your post. Unfortunately I cannot speak to proper configuration on your 3rd party network equipment. I did want to confirm with you that you only have one device pushing IP delegation i.e. disable DHCP in our gateway or on your network device. This may be one configuration step closer to getting you IPv6 routing properly. Please let me know if your gateway has any issues with your connection.

 

Thank You

0 Kudos
New Member

Re: Cant get Comcast IPv6 to work through Zyxel WyWALL 110 Firewall

Did you ever get this working?  I was thinking of trying to get my Zywall ATP 200 configured to use our IPV6 static block as well?

0 Kudos
Highlighted
Official Employee

Re: Cant get Comcast IPv6 to work through Zyxel WyWALL 110 Firewall

Good morning, thank you so much for taking the time out to reach out to the Digital Care Team here through the forums. You have reached the right team to help with any concerns you may have with setting up with Zyxel with the Comcast network. Have you been able to reach out to your local IT to help set up with Zyxel by chance? 

0 Kudos
Highlighted
Frequent Contributor

Re: Cant get Comcast IPv6 to work through Zyxel WyWALL 110 Firewall

I know the post above is a couple of years old. But look like the original poster followed the advice on the ZyXel side too closely. The example configuration suggests using "2002:1111:1111:1111::/64" as a prefix for the LAN router advertisements. Looks like this is what the original poster used. The prefix advertised to the LAN has to be within the prefix the router received from the cable modem via DHCP. Many routers should have the ability to adjust this automatically. I am not familiar enough with Zyxel to know if it has a feature like this.

 

Here a quick primer on how IPv6 addresses *Should* work in your case with Comcast:

- Your modem will receive a /56 from Comcast.

- One /64 will be used for devices connected to the modem directly.

- Each router connected to the modem will receive a /60 (so you could have 16 routers connected to the modem)

- Each router now is able to use 16 /64s for different VLANs/Subnets. 

 

The Comcast "trick" that probably caused me the most pain: You have to use DHCP-PD. If you don't, the addresses will not work. The modem will either drop them or send ICMPv6 Type 1 Code 5 (Egress/Ingress violation) back.

 

 

 

 

0 Kudos