I have read and followed the "Reporting Problems" section on the Contact page and am providing the following details for this report based on the list of items stated there: I am getting ICMP "Administratively prohibited" messages from my subnet (2001:4978:205::/48, R8445) from tunnel T19890 (associated with this NIC handle, ET1363-RIPE). The tunnel terminates at a Cisco without any traffic filters configured. As you can see from the output below, IPv4 connectivity is fine. I can ping www.sixxs.net's IPv6 address when I source from the tunnel's address. Configuration rtr-edge(config-if)#do sh run int tun0 Building configuration... Current configuration : 203 bytes ! interface Tunnel0 description SixXS no ip address ipv6 address 2001:4978:F:2BC::2/64 ipv6 enable no ipv6 redirects tunnel source Dialer0 tunnel destination 216.14.98.22 tunnel mode ipv6ip end rtr-edge(config-if)#do sh run int lo0 Building configuration... Current configuration : 121 bytes ! interface Loopback0 ip address 10.0.7.226 255.255.255.255 ipv6 address 2001:4978:205::2/128 ipv6 ospf 1 area 0 end Working Example rtr-edge(config-if)#do ping www.sixxs.net source tun0 Translating "www.sixxs.net"...domain server (10.0.6.5) [OK] Translating "www.sixxs.net"...domain server (10.0.6.5) [OK] Translating "www.sixxs.net"...domain server (10.0.6.5) [OK] Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2001:838:1:1:210:DCFF:FE20:7C7C, timeout is 2 seconds: Packet sent with a source address of 2001:4978:F:2BC::2 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 140/144/148 ms rtr-edge(config)#do trace www.sixxs.net Translating "www.sixxs.net"...domain server (10.0.6.5) [OK] Translating "www.sixxs.net"...domain server (10.0.6.5) [OK] Translating "www.sixxs.net"...domain server (10.0.6.5) [OK] Type escape sequence to abort. Tracing the route to www.m.sixxs.net (2001:838:1:1:210:DCFF:FE20:7C7C) 1 gw-701.chi-02.us.sixxs.net (2001:4978:F:2BC::1) 48 msec 44 msec 44 msec 2 sixxs.ge-0.0.0-30.core1.chi.bb6.your.org (2001:4978:1:400::FFFF) 36 msec 44 msec 36 msec 3 gige-g2-19.core1.chi1.he.net (2001:470:0:7F::1) 48 msec 52 msec 36 msec 4 10gigabitethernet2-4.core1.nyc4.he.net (2001:470:0:4E::2) 60 msec 56 msec 60 msec 5 10gigabitethernet1-2.core1.lon1.he.net (2001:470:0:3E::2) 136 msec 140 msec 128 msec 6 10gigabitethernet1-1.core1.ams1.he.net (2001:470:0:3F::2) 140 msec 136 msec 136 msec 7 2001:470:1:1F::2 496 msec 140 msec 136 msec 8 jointtransit.ip6.concepts-ict.nl (2A02:10:0:2::4) 136 msec 140 msec 148 msec 9 2001:838:5:4::1 140 msec 140 msec 140 msec 10 2001:838:0:10::2 140 msec 140 msec 140 msec 11 www.m.sixxs.net (2001:838:1:1:210:DCFF:FE20:7C7C) 140 msec 136 msec 140 msec Broken Example rtr-edge(config-if)#do ping www.sixxs.net source lo0 Translating "www.sixxs.net"...domain server (10.0.6.5) [OK] Translating "www.sixxs.net"...domain server (10.0.6.5) [OK] Translating "www.sixxs.net"...domain server (10.0.6.5) [OK] Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2001:838:1:1:210:DCFF:FE20:7C7C, timeout is 2 seconds: Packet sent with a source address of 2001:4978:205::2 AAAAA Success rate is 0 percent (0/5) rtr-edge(config-if)#do trace Protocol [ip]: ipv6 Target IPv6 address: www.sixxs.net Translating "www.sixxs.net"...domain server (10.0.6.5) [OK] Source address: 2001:4978:205::2 Insert source routing header? [no]: Numeric display? [no]: Timeout in seconds [3]: Probe count [3]: Minimum Time to Live [1]: Maximum Time to Live [30]: 8 Priority [0]: Port Number [33434]: Type escape sequence to abort. Tracing the route to noc.sixxs.net (2001:838:1:1:210:DCFF:FE20:7C7C) 1 gw-701.chi-02.us.sixxs.net (2001:4978:F:2BC::1) 44 msec 48 msec 48 msec 2 sixxs.ge-0.0.0-30.core1.chi.bb6.your.org (2001:4978:1:400::FFFF) !A !A !A Additionally, here is a traceroute from SixXS's distributed traceroute towards the lo0 interface on this router: http://www.sixxs.net/tools/traceroute/?pop=noc-6&dpop=other&dest=2001:4978:205::2