VPN, CISCO AnyConnect, IPv6 notes

As of Fall 2018 the VPN supports IPv6. This page explains what that means and how IPv6 traffic is handled in the different profiles.

Tunnel All will tunnel both IPv4 and IPv6 traffic back to campus.  All traffic, for all destinations.  Even if your Internet Service provider (ISP) does not support IPv6, you will be able to use IPv6 through the connection to campus, as long as it is enabled on your computer.

Split Tunnel and Split Tunnel Public IPs Only will work in different ways depending on what services your ISP provides.  The IPv4 and IPv6 space considered "campus traffic" is everything on the Guide to University of Illinois IP Spaces page listed under "IP ranges that host systems and/or provide services for Urbana-Champaign".
If your ISP has both IPv4 and IPv6 turned on for your network, then traffic for both IPv4 and IPv6 will be split, with campus traffic going to the VPN, and other traffic going over your ISP connection. 
If your ISP has only IPv4 turned on for your network then traffic for IPv4 will be split,  with campus IPv4 traffic going to the VPN, and other IPv4 traffic going over your ISP connection.  IPv6 traffic for campus will go over the VPN, but if you have no IPv6 support from your ISP, IPv6 traffic not destined for campus will not work. 
A number of services like Facebook, Netflix, and others use IPv6 by default. In this case your traffic to those services will try IPv6 to your ISP and then fail.  Most systems handle this gracefully and switch ever to IPv4 for anything IPv6 doesn't answer on, but some might not.  To keep this from happening either your ISP needs to enable IPv6, you need to disable IPv6 on your computer, or you need to use Tunnel All. 
If your ISP has only IPv6 turned on for your network then traffic for IPv6 will be split,  with campus IPv6 traffic going to the VPN, and other IPv6 traffic going over your ISP connection.  All IPv4 traffic for campus IPv4 addresses will go over the VPN.  IPv4 traffic to other addresses will be handled by your ISP however it normally handles IPv4 traffic on an IPv6 only network.
Not sure if your ISP is providing you IPv4, IPv6 or both? Before you connect to the VPN, go to  https://www.whatismyip.com and see what IP address(es) you have.  You can do it again after you connect to the VPN to be sure you got an IPv6 address. 


Keywords:
VPN Profiles cisco anyconnect split tunnel, tunnel all, duo, IPv6 IPv4 
Doc ID:
84548
Owned by:
Network E. in University of Illinois Technology Services
Created:
2018-08-07
Updated:
2024-03-13
Sites:
University of Illinois Technology Services