I finally got an IPv6 tunnel going on my Netscreen SSG 5. So I thought I'd post the relevant configuration details here.
I'm currently running ScreenOS 5.4.0r3a0; there seems to be some WebUI bugs with IPv6 so it is best to do it via the command line.
Update: I just got a response back from JTAC. IPv6 is only supported on the ISG2000. So I'm unsure when/if it the WebUI bugs will be fixed.
Update2: IPv6 is now supported on the SSG 5 under screenos 6, the WEBUI bug has been fixed.
The first step is to enable IPv6 on your Netscreen.
Type the following then save your config and restart the device:
Now let's setup the trust interface:
So we've setup my trust interface with the IPv6 subnet and autoconfiguration should be working.
Now let's setup a tunnel interface for the traffic to run through:
Now we'll setup a static route for IPv6 traffic to go through:
And finally we need to setup a policy to allow traffic out:
You may want to setup some policies to allow traffic in too.
That should be all you need to do.
Is 4in6 tunneling support avalible in screenos 6.2 on SSG 520 firewall?1: Comment Link
Yes I believe so.2: Comment Link