EIGRPv6


This is not only EIGRPv6 :)
There is a VPN (FlexVPN) tunnel between R1 and R4, and between them there is an ASA in transparent mode running software 9.0.

R1:
interface GigabitEthernet0/0.63
 ip address 30.30.30.11 255.255.255.0
 ipv6 address FE80::1 link-local
 ipv6 address 2001:DB8:6783:30::1/64
 ipv6 enable
!
interface Loopback10
 ipv6 address 2001:DB8:6783:1111::1/128
 ipv6 enable

!
crypto ikev2 proposal IKEv2-PROP
 encryption aes-cbc-256 aes-cbc-128 3des
 integrity sha384 sha256 sha1
 group 14 5
!
crypto ikev2 policy IKEv2-POL
 proposal IKEv2-PROP
!
crypto ikev2 keyring KR
 peer R4
  address 2001:DB8:6783:30::4/64
  pre-shared-key local cisco123
  pre-shared-key remote 123cisco
!
crypto ikev2 profile IKEv2-PROF
 match identity remote address 2001:DB8:6783:30::4/64
 authentication local pre-share
 authentication remote pre-share
 keyring local KR
!
crypto ipsec transform-set TSET-IPv6 esp-3des esp-md5-hmac
!
crypto ipsec profile IPSEC-PROF
 set transform-set TSET-IPv6
 set ikev2-profile IKEv2-PROF
!
interface Tunnel0
 ipv6 address 2001:DB8:6783:33::1/64
 ipv6 enable
 ipv6 eigrp 1
 tunnel source 2001:DB8:6783:30::1
 tunnel mode ipsec ipv6
 tunnel destination 2001:DB8:6783:30::4
 tunnel protection ipsec profile IPSEC-PROF
!
route-map lo10 permit 10
 match interface Loopback10

!
ipv6 router eigrp 1
 eigrp router-id 1.1.1.1
 redistribute connected route-map lo10


ASA-4:
firewall transparent
!
interface GigabitEthernet0/0
 nameif inside
 bridge-group 10
 security-level 100
!
interface GigabitEthernet0/1
 nameif outside
 bridge-group 10
 security-level 0
!
interface BVI10
 ip address 30.30.30.3 255.255.255.0 
 ipv6 address 2001:db8:6783:30::3/64
 ipv6 enable
!
access-list OUT6_IN extended permit icmp6 host 2001:db8:6783:30::4 host 2001:db8:6783:30::1 
access-list OUT6_IN extended permit esp host 2001:db8:6783:30::4 host 2001:db8:6783:30::1
!
access-group OUT6_IN in interface outside

R4:
interface GigabitEthernet0/1
 ip address 30.30.30.4 255.255.255.0
 ipv6 address FE80::2 link-local
 ipv6 address 2001:DB8:6783:30::4/64
 ipv6 enable
!
interface Loopback10
 ip address 44.44.44.44 255.255.255.0
 ipv6 address 2001:DB8:6783:4444::1/128
 ipv6 enable
!
crypto ikev2 proposal IKEv2-PROP 
 encryption aes-cbc-256 aes-cbc-128 3des
 integrity sha384 sha256 sha1
 group 14 5
!
crypto ikev2 policy IKEv2-POL 
 proposal IKEv2-PROP
!
crypto ikev2 keyring KR
 peer R1
  address 2001:DB8:6783:30::1/64
  pre-shared-key local 123cisco
  pre-shared-key remote cisco123
!
crypto ikev2 profile IKEv2-PROF
 match identity remote address 2001:DB8:6783:30::1/64
 authentication local pre-share
 authentication remote pre-share
 keyring local KR
!
crypto ipsec transform-set TSET-IPv6 esp-3des esp-md5-hmac
!
crypto ipsec profile IPSEC-PROF
 set transform-set TSET-IPv6 
 set ikev2-profile IKEv2-PROF
!
interface Tunnel0
 ipv6 address 2001:DB8:6783:33::2/64
 ipv6 enable
 ipv6 eigrp 1
 tunnel source 2001:DB8:6783:30::4
 tunnel mode ipsec ipv6
 tunnel destination 2001:DB8:6783:30::1
 tunnel protection ipsec profile IPSEC-PROF
!
route-map lo10 permit 5
 match interface Loopback10
!
ipv6 router eigrp 1
 eigrp router-id 4.4.4.4
 redistribute connected route-map lo10
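
Added example, not part of the original post: a small Python audit of the crypto lines from the R1/R4 configuration above. It separates legacy algorithms that the IKEv2 proposal merely offers as fallbacks (3des, sha1, group 5) from the transform-set, which fixes ESP at 3DES with HMAC-MD5 regardless of what IKE negotiates. The legacy-algorithm sets are an assumed policy for this example.

```python
import re

# Crypto lines copied from the R1 configuration above (R4 uses the same ones).
R1_CRYPTO = """\
crypto ikev2 proposal IKEv2-PROP
 encryption aes-cbc-256 aes-cbc-128 3des
 integrity sha384 sha256 sha1
 group 14 5
crypto ipsec transform-set TSET-IPv6 esp-3des esp-md5-hmac
"""

# Assumed audit policy for this example, not a Cisco-defined list.
LEGACY_IKE = {
    "encryption": {"des", "3des"},
    "integrity": {"md5", "sha1"},
    "group": {"1", "2", "5"},
}
LEGACY_ESP = {"esp-des", "esp-3des", "esp-md5-hmac", "esp-sha-hmac"}


def audit(config):
    """Return (where, keyword, legacy_values, forced) tuples."""
    # forced: no stronger value on the same line, so the legacy one gets used.
    findings, section = [], None
    for raw in config.splitlines():
        line = raw.strip()
        ts = re.match(r"crypto ipsec transform-set (\S+) (.+)", line)
        if ts:
            legacy = [t for t in ts.group(2).split() if t in LEGACY_ESP]
            if legacy:
                # A transform-set is a single fixed combination.
                findings.append((f"transform-set {ts.group(1)}", "esp", legacy, True))
            section = None
        elif not raw.startswith(" "):
            prop = re.match(r"crypto ikev2 proposal (\S+)", line)
            section = f"ikev2 proposal {prop.group(1)}" if prop else None
        elif section and line:
            keyword, *values = line.split()
            allowed = LEGACY_IKE.get(keyword, set())
            legacy = [v for v in values if v in allowed]
            if legacy:
                findings.append((section, keyword, legacy, len(legacy) == len(values)))
    return findings


if __name__ == "__main__":
    for where, keyword, legacy, forced in audit(R1_CRYPTO):
        state = "only option" if forced else "offered as fallback"
        print(f"{where}: {keyword} {' '.join(legacy)} ({state})")
```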

Verification:
R1#sh crypto ikev2 sa        
 IPv4 Crypto IKEv2  SA

 IPv6 Crypto IKEv2  SA

Tunnel-id    fvrf/ivrf              Status
1          none/none             READY
Local  2001:DB8:6783:30::1/500                          
Remote  2001:DB8:6783:30::4/500                          
      Encr: AES-CBC, keysize: 256, Hash: SHA384, DH Grp:14, Auth sign: PSK, Auth verify: PSK
      Life/Active Time: 86400/15604 sec

R1#sh crypto ikev2 session  
 IPv4 Crypto IKEv2 Session

 IPv6 Crypto IKEv2 Session

Session-id:5, Status:UP-ACTIVE, IKE count:1, CHILD count:1

Tunnel-id    fvrf/ivrf              Status
1          none/none             READY
Local  2001:DB8:6783:30::1/500                          
Remote  2001:DB8:6783:30::4/500                          
      Encr: AES-CBC, keysize: 256, Hash: SHA384, DH Grp:14, Auth sign: PSK, Auth verify: PSK
      Life/Active Time: 86400/46 sec
Child sa: local selector  ::/0 - FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF/65535
          remote selector ::/0 - FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF/65535
          ESP spi in/out: 0xDDFCA5A4/0xB02F0AB2

R1#sh ipv6 eigrp neighbors      
EIGRP-IPv6 Neighbors for AS(1)
H   Address                 Interface              Hold Uptime   SRTT   RTO  Q  Seq
                                                   (sec)         (ms)       Cnt Num
0   Link-local address:     Tu0                      12 00:01:45    8  1476  0  80
    FE80::5A8D:9FF:FE1C:3160

R1#sh ipv6 route eigrp
IPv6 Routing Table - default - 7 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
       H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
       IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO
       ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
       l - LISP
       O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
EX  2001:DB8:6783:4444::1/128 [170/27008000]
     via FE80::5A8D:9FF:FE1C:3160, Tunnel0

R1#ping ipv6 2001:DB8:6783:4444::1 source loopback 10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:6783:4444::1, timeout is 2 seconds:
Packet sent with a source address of 2001:DB8:6783:1111::1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/4 ms

asa-3# sh conn
2 in use, 12 most used
ESP outside 2001:db8:6783:30::4 inside  2001:db8:6783:30::1, idle 0:00:03, bytes 8644, flags
ESP outside 2001:db8:6783:30::4 inside  2001:db8:6783:30::1, idle 0:00:02, bytes 8920, flags

asa-3# sh mac-address-table
interface                   mac  address          type      Age(min)   bridge-group
-----------------------------------------------------------------------------------
outside                    588d.091c.3161          dynamic      5         10   // R4
inside                     588d.0944.7308          dynamic      5         10    // R1
outside                    0024.51eb.7a0b          dynamic      4         10
inside                     0024.51eb.7a0a          dynamic      4         10