>
    Enable IPv6 Networking for Remote Networks
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma Access
    3. Prisma Access Advanced Deployments
    4. IPv6 Support for Private App Access
    5. Enable IPv6 Networking for Remote Networks
    Download PDF
    Prisma Access

    Enable IPv6 Networking for Remote Networks

    Table of Contents

    Enable IPv6 Networking for Remote Networks

    Enable IPv6 networking in a Prisma Access remote network deployment.
    Where Can I Use This?
    What Do I Need?
    • Prisma Access (Managed by Strata Cloud Manager)
    • Prisma Access (Managed by Panorama)
    • Prisma Access
       license version 2.2 Preferred and later
    For remote network connections, you can use IPv6 subnets for static routes. For BGP routing, you can enter IPv6 peer addresses and specify that BGP use IPv6 routing only or both IPv4 and IPv6 routing.
    To configure IPv6 networking for remote network connections, complete the following task.

    Cloud Management

    Enable IPv6 networking in a Prisma Access remote network deployment.
    1. Select
      Manage
      Remote Networks
      Remote Networks Setup
      .
      If you're using Strata Cloud Manager, go to
      Workflows
      Prisma Access Setup
      Remote Networks
      and
      Add Remote Networks
      .
    2. Add a new remote network connection or select an existing remote network connection to edit it.
    3. Set up IPv6 routing for your remote network.
      1. (
        Static Routing Deployments Only
        ) Enter one or more
        Corporate Subnets
         in the
        Static Routes
         tab.
      2. (
        BGP Routing Deployments Only
        ) Specify the method to exchange IPv4 and IPv6 BGP routes; then, enter an IPv6
        Peer Address
         and
        Local Address
        .
        • To use a single IPv4 BGP session to exchange both IPv4 and IPv6 BGP peering information, select
          Exchange both IPv4 and IPv6 routes over IPv4 peering
          .
        • To an IPv4 BGP session to exchange IPv4 BGP peering information and an IPv6 session to exchange IPv6 BGP peering information, select
          Exchange IPv4 routes over IPv4 peering and IPv6 routes over IPv6 peering
          .
        • To use a single IPv6 BGP session to exchange IPv6 BGP peering information, select
          Exchange IPv6 routes over IPv6 peering
          .
      3. If your secondary WAN uses a different peer or local address, deselect
        Same as Primary WAN
         and enter the IPv6
        Peer Address
         and
        Local Address
         for the secondary WAN.
    4. (
      Optional
      ) If your internal DNS servers use are reachable by IPv6 addresses, select
      Manage
      Service Setup
      Remote Networks
      Remote Networks Setup
      Advanced Settings
       and find
      DNS Proxy
      ,
      Add
       a rule or specify the default rule, and specify
      Custom DNS Server
       IPv6 addresses for the
      Primary DNS
       and
      Secondary DNS
       server.
      Prisma Access allows you to specify DNS servers to resolve both domains that are internal to your organization and external domains. If you do not specify any settings, Prisma Access does not proxy DNS requests for remote networks. You also need to select a
      Region
      .
      You can enter any combination of IPv4 or IPv6 addresses for primary and secondary DNS servers.
      • IPv4 addresses use A records, while IPv6 addresses use AAAA records. Some DNS servers can perform AAAA DNS lookups over IPv4 transport; therefore, you might not need a server with an IPv6 IP address.
      • If you're using Strata Cloud Manager, go to
        Workflows
        Prisma Access Setup
        Remote Networks
        Advanced Settings
         find
        DNS Proxy
        .
    5. If you have not yet completed the remote network connection setup, complete it now.
      IPv6 internet access for remote network connections is enabled by an underlay connection, in which IPv6 traffic is passed through an IPv4 tunnel.
    6. Push Config
       to deploy your changes to you network.

    Panorama

    Enable IPv6 networking in a Prisma Access remote network deployment.
    1. (
      Optional
      ) Enter IPv6 addresses to your custom DNS server proxy configuration.
      1. Select
        Panorama
        Cloud Services
        Configuration
        Remote Networks
         and edit the settings by clicking the gear icon in the
        Settings
         area.
      2. In the
        DNS Proxy
         area, enter IPv6
        Custom DNS Server
         addresses for your DNS proxy settings.
    2. Select
      Panorama
      Cloud Services
      Configuration
      Remote Networks
      .
    3. Add
       a new remote network connection or select an existing remote network connection to edit it.
    4. Set up IPv6 routing for your remote network.
      1. (
        Static Routing Deployments Only
        ) Enter one or more
        Corporate Subnets
         in the
        Static Routes
         tab.
      2. (
        BGP Routing Deployments Only
        ) Specify the method to exchange IPv4 and IPv6 BGP routes; then, enter an IPv6
        Peer Address
         and
        Local Address
        .
        • To use a single IPv4 BGP session to exchange both IPv4 and IPv6 BGP peering information, select
          Exchange both IPv4 and IPv6 routes over IPv4 peering
          .
        • To an IPv4 BGP session to exchange IPv4 BGP peering information and an IPv6 session to exchange IPv6 BGP peering information, select
          Exchange IPv4 routes over IPv4 peering and IPv6 routes over IPv6 peering
          .
        • To use a single IPv6 BGP session to exchange IPv6 BGP peering information, select
          Exchange IPv6 routes over IPv6 peering
          .
      3. If your secondary WAN uses a different peer or local address, deselect
        Same as Primary WAN
         and enter the IPv6
        Peer Address
         and
        Local Address
         for the secondary WAN.
    5. (
      Optional
      ) If your internal DNS servers use are reachable by IPv6 addresses, select
      Panorama
      Cloud Services
      Configuration
      Remote Network
      Settings
      , click the gear icon to edit the settings, select the
      DNS Proxy
       tab,
      Add
       a rule or specify the default rule, and specify
      Custom DNS Server
       IPv6 addresses for the
      Primary DNS
       and
      Secondary DNS
       server.
      Prisma Access allows you to specify DNS servers to resolve both domains that are internal to your organization and external domains. If you do not specify any settings, Prisma Access does not proxy DNS requests for remote networks. You also need to select a
      Region
      .
      You can enter any combination of IPv4 or IPv6 addresses for primary and secondary DNS servers.
      IPv4 addresses use A records, while IPv6 addresses use AAAA records. Some DNS servers can perform AAAA DNS lookups over IPv4 transport; therefore, you might not need a server with an IPv6 IP address.
    6. If you have not yet completed the remote network connection setup, complete it now.
    7. Commit and Push
       your changes.
    8. Select
      Panorama
      Cloud Services
      Status
      Network Details
      Remote Networks
       and make a note of the
      EBGP Router
       addresses.
      After you commit your changes, you will have an IPv6
      EBGP Router
       addresses for service connections.
      Because the IPSec tunnel used for the remote network connection uses IPv4 addressing, the
      Service IP Address
       stays as an IPv4 address.
      IPv6 internet access for remote network connections is enabled by an underlay connection, in which IPv6 traffic is passed through an IPv4 tunnel.

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.