Differences

This shows you the differences between two versions of the page.

--- paloaltonetworks:configuration:ipv6 [2021/05/22 13:27] – bstafford
+++ paloaltonetworks:configuration:ipv6 [2022/11/23 12:49] (current) – external edit 127.0.0.1
@@ Line 2: / Line 2: @@
 <code>ping inet6 yes source 2001:db8:1:1::2 host 2001:4860:4860::8888</code>
-A IPv6 Bogon address that can be used for sinkholing is <code>2600:5200::1/128</code>
+An IPv6 Bogon address that can be used for sinkholing is <code>2600:5200::1/128</code>
 ===== Clientless VPN =====
 Clientless VPN works fine from outside the network when the target webserver is dual stacked AND has both public AAAA record and A record.
-However, if you are inside the network, Clientless VPN will break if the target webserver is dual stacked AND has both an AAAA record and an A record..If you are inside the network, Clientless VPN will only work if there is no AAAA record for the target web server. This is based on what the endpoint can see. It doesn't matter about the DNS Proxy used by the Portal.
+However, if you are inside the network, Clientless VPN will break if the target webserver is dual stacked AND has both an AAAA record and an A record. If you are inside the network, Clientless VPN will only work if there is no AAAA record for the target web server. This is based on what the endpoint can see. It doesn't matter about the DNS Proxy used by the Portal.
+===== IPv6 Delay =====
+If you see that clients get IPv6 from Palo RA but only after 5 minutes, try chaning the RA min/max values to 3/10 seconds. Also, change the DNS Lifetime settings to 20 seconds.