NIC handle: RT744-RIPE Tunnel: T13884 I have no incoming connectivity on this tunnel. While my outgoing packets arrive at their destination, return packets are rejected by the POP (2a01:348:0:4:0:3:1:1) with network unreachable. A tcpdump from a remote host while ping is running: 07:05:52.622262 IP6 2a01:348:6:78::2 > 2a01:348:0:6:4d4b:69f2:0:1: ICMP6, echo request, seq 339, length 64 07:05:52.622277 IP6 2a01:348:0:6:4d4b:69f2:0:1 > 2a01:348:6:78::2: ICMP6, echo reply, seq 339, length 64 07:05:52.623328 IP6 2a01:348:0:4:0:3:1:1 > 2a01:348:0:6:4d4b:69f2:0:1: ICMP6, destination unreachable, unreachable route 2a01:348:6:78::2, length 112 (2a01:348:6:78::2 is me, 2a01:348:0:6:4d4b:69f2:0:1 is the remote host.) I am also unable to ping the tunnel endpoint (2a01:348:6:78::1). My host is a Solaris Nevada build 91 system behind a Cisco 857 router (IOS 12.4(6)T8) which is doing NAT. The system's internal IP is 192.168.0.146 and its external address is 87.194.173.122. I have added an appropriate static NAT rule: ip nat inside source static 192.168.0.146 87.194.173.122 I have added an ACL entry "permit 41 any any"; even when removing the ACL from the interface entirely, there is no change. The router is configured for CBAC ("ip inspect"), but I don't believe this affects non-TCP/UDP packets (and disabling CBAC has no effect). Host configuration: e1000g0: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 2 inet 192.168.0.145 netmask ffffff00 broadcast 192.168.0.255 ether 0:14:4f:4a:ae:17 e1000g0:1: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 2 inet 192.168.0.146 netmask ffffff00 broadcast 192.168.0.255 ip.tun0: flags=2200851<UP,POINTOPOINT,RUNNING,MULTICAST,NONUD,IPv6> mtu 1480 index 7 inet tunnel src 192.168.0.146 tunnel dst 77.75.104.126 tunnel hop limit 60 inet6 fe80::c0a8:92/10 --> fe80::4d4b:687e ip.tun0:1: flags=2200851<UP,POINTOPOINT,RUNNING,MULTICAST,NONUD,IPv6> mtu 1480 index 7 inet6 2a01:348:6:78::2/64 --> 2a01:348:6:78::1 There is no firewall or packet filter on the host. Routing Table: IPv6 Destination/Mask Gateway Flags Ref Use If --------------------------- --------------------------- ----- --- ------- ----- 2a01:348:6:78::1 2a01:348:6:78::2 UH 1 1 ip.tun0:1 fe80::4d4b:687e fe80::c0a8:92 UH 1 0 ip.tun0 default 2a01:348:6:78::1 UG 1 3 ::1 ::1 UH 2 114 lo0 Traceroute to the POP: traceroute to 77.75.104.126 (77.75.104.126) from 192.168.0.146, 30 hops max, 40 byte packets 1 adslgate.local (192.168.0.2) 0.772 ms 0.719 ms 0.777 ms 2 87-194-172-1.bethere.co.uk (87.194.172.1) 45.984 ms 50.380 ms 30.002 ms 3 * 10.1.2.5 (10.1.2.5) 34.495 ms 78.517 ms 4 ae0-461.rt0.sov.uk.goscomb.net (195.66.226.226) 35.412 ms 32.638 ms 32.007 ms 5 ae0-1624.rt2.the.uk.goscomb.net (77.75.109.161) 32.406 ms 41.644 ms 32.040 ms 6 gblon02.sixxs.net (77.75.104.126) 46.446 ms 32.950 ms 32.603 ms