- A
Site B's IPv4 address is private and not reachable from Site A; 6to4 requires public IPv4 addresses on both ends.
6to4 requires globally routable IPv4 addresses on both tunnel endpoints. If Site B uses a private address behind NAT, the return traffic cannot be encapsulated correctly.
- B
The tunnel mode on Site B is configured as GRE IPv6 instead of 6to4.
Why wrong: 6to4 tunnels use tunnel mode ipv6ip 6to4; GRE mode would not interpret the 2002:: prefix correctly.
- C
The IPv6 MTU on the tunnel is set too high, causing fragmentation of return packets.
Why wrong: MTU issues would cause packet drops but not a complete failure of return traffic; also, fragmentation is handled by IPv4.
- D
Site A has a firewall blocking incoming IPv4 protocol 41 packets.
Why wrong: This would affect both directions; the question states Site A to Site B works, so incoming packets to Site A are not blocked.
Quick Answer
The answer is that Site B’s IPv4 address is private and not reachable from Site A, as 6to4 requires public IPv4 addresses on both ends. This is because a 6to4 automatic tunnel derives its IPv6 prefix from the embedded IPv4 address using the 2002::/16 format, so if Site B uses a private address like 10.x.x.x or 192.168.x.x, Site A cannot route return traffic over the public Internet—private addresses are non-routable globally. On the Cisco CCNP ENARSI 300-410 exam, this scenario tests your understanding of 6to4 tunnel addressing and loop prevention, often appearing as a trick where one-way traffic works but return traffic fails. A common trap is assuming any IPv4 connectivity suffices, but the key is that both endpoints must have globally routable addresses for bidirectional communication. Memory tip: think “2002 requires two public IPs”—if one side is private, the tunnel is one-way only.
300-410 IPv6 Tunneling Techniques Practice Question
This 300-410 practice question tests your understanding of ipv6 tunneling techniques. The scenario asks you to isolate a root cause — eliminate options that address a different problem before choosing. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.
A network engineer configures a 6to4 tunnel between two sites. The tunnel works for traffic from Site A to Site B, but return traffic from Site B to Site A fails. Both sites have IPv4 connectivity. What is the most likely explanation?
Clue words in this question
Noticing these words before you look at the options changes how you read each choice.
Clue:
"most likely"Why it matters: Probability qualifier — the question wants the most probable cause or outcome, not a guaranteed one. Eliminate low-probability options.
Answer choices
Why each option matters
Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.
Correct answer & explanation
Site B's IPv4 address is private and not reachable from Site A; 6to4 requires public IPv4 addresses on both ends.
6to4 tunnels require both endpoints to have globally routable public IPv4 addresses because the tunnel encapsulation uses the IPv4 address to derive the IPv6 prefix (2002::/16). If Site B has a private IPv4 address (e.g., 10.x.x.x or 192.168.x.x), Site A cannot route return traffic to it, as private addresses are not reachable over the public Internet. This explains why traffic from Site A to Site B works (Site A's public address is reachable), but return traffic fails.
Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.
Answer analysis
Option-by-option breakdown
For each option: why learners choose it and why it is or isn't the right answer here.
- ✓
Site B's IPv4 address is private and not reachable from Site A; 6to4 requires public IPv4 addresses on both ends.
Why this is correct
6to4 requires globally routable IPv4 addresses on both tunnel endpoints. If Site B uses a private address behind NAT, the return traffic cannot be encapsulated correctly.
Clue confirmation
The clue word "most likely" in the question point toward this answer.
Related concept
Read the scenario before looking for a memorised answer.
- ✗
The tunnel mode on Site B is configured as GRE IPv6 instead of 6to4.
Why it's wrong here
6to4 tunnels use tunnel mode ipv6ip 6to4; GRE mode would not interpret the 2002:: prefix correctly.
- ✗
The IPv6 MTU on the tunnel is set too high, causing fragmentation of return packets.
Why it's wrong here
MTU issues would cause packet drops but not a complete failure of return traffic; also, fragmentation is handled by IPv4.
- ✗
Site A has a firewall blocking incoming IPv4 protocol 41 packets.
Why it's wrong here
This would affect both directions; the question states Site A to Site B works, so incoming packets to Site A are not blocked.
Common exam traps
Common exam trap: answer the scenario, not the keyword
Cisco often tests the misconception that 6to4 tunnels can work with private IPv4 addresses if NAT is involved, but 6to4 does not support NAT traversal because the IPv4 address is embedded in the IPv6 prefix, making it incompatible with address translation.
Detailed technical explanation
How to think about this question
6to4 tunnels use the IPv4 address of each endpoint to automatically construct a 2002:IPv4-address::/48 prefix, as defined in RFC 3056. For example, if Site A's public IPv4 address is 192.0.2.1, its 6to4 prefix becomes 2002:c000:0201::/48. If Site B uses a private IPv4 address like 10.0.0.1, its derived prefix would be 2002:0a00:0001::/48, but that prefix is not globally routable because the underlying IPv4 address is not reachable from the public Internet. In real-world deployments, 6to4 is often used with a relay router to handle communication with native IPv6 networks, but direct site-to-site 6to4 tunnels still require public IPv4 addresses on both ends.
KKey Concepts to Remember
- Read the scenario before looking for a memorised answer.
- Find the constraint that changes the correct option.
- Eliminate answers that are true in general but not in this case.
TExam Day Tips
- Watch for words such as best, first, most likely and least administrative effort.
- Review why wrong options are wrong, not only why the correct option is correct.
Key takeaway
Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.
Real-world example
How this comes up in practice
A small business has 20 workstations on the 192.168.1.0/24 network and one public IP from its ISP. The router uses PAT (NAT overload) so all 20 devices share one public address using different source ports. NAT questions test whether you understand the four address terms and which direction each translation applies.
What to study next
Got this wrong? Here's your next step.
Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.
- →
IPv6 Tunneling Techniques — study guide chapter
Learn the concepts, then practise the questions
- →
IPv6 Tunneling Techniques practice questions
Targeted practice on this topic area only
- →
All 300-410 questions
2,152 questions across all exam domains
- →
Cisco CCNP ENARSI 300-410 study guide
Full concept coverage aligned to exam objectives
- →
300-410 practice test guide
How to use practice tests most effectively before exam day
Related practice questions
Related 300-410 practice-question pages
Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.
Layer 3 Technologies practice questions
Practise 300-410 questions linked to Layer 3 Technologies.
EIGRP Troubleshooting practice questions
Practise 300-410 questions linked to EIGRP Troubleshooting.
OSPF Troubleshooting (v2/v3) practice questions
Practise 300-410 questions linked to OSPF Troubleshooting (v2/v3).
BGP Troubleshooting practice questions
Practise 300-410 questions linked to BGP Troubleshooting.
Route Redistribution practice questions
Practise 300-410 questions linked to Route Redistribution.
Policy-Based Routing (PBR) practice questions
Practise 300-410 questions linked to Policy-Based Routing (PBR).
VRF-Lite practice questions
Practise 300-410 questions linked to VRF-Lite.
Route Maps and Route Filtering practice questions
Practise 300-410 questions linked to Route Maps and Route Filtering.
Administrative Distance practice questions
Practise 300-410 questions linked to Administrative Distance.
Route Summarization practice questions
Practise 300-410 questions linked to Route Summarization.
Bidirectional Forwarding Detection (BFD) practice questions
Practise 300-410 questions linked to Bidirectional Forwarding Detection (BFD).
VPN Technologies practice questions
Practise 300-410 questions linked to VPN Technologies.
Practice this exam
Start a free 300-410 practice session
Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.
FAQ
Questions learners often ask
What does this 300-410 question test?
IPv6 Tunneling Techniques — This question tests IPv6 Tunneling Techniques — Read the scenario before looking for a memorised answer..
What is the correct answer to this question?
The correct answer is: Site B's IPv4 address is private and not reachable from Site A; 6to4 requires public IPv4 addresses on both ends. — 6to4 tunnels require both endpoints to have globally routable public IPv4 addresses because the tunnel encapsulation uses the IPv4 address to derive the IPv6 prefix (2002::/16). If Site B has a private IPv4 address (e.g., 10.x.x.x or 192.168.x.x), Site A cannot route return traffic to it, as private addresses are not reachable over the public Internet. This explains why traffic from Site A to Site B works (Site A's public address is reachable), but return traffic fails.
What should I do if I get this 300-410 question wrong?
Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.
Are there clue words in this question I should notice?
Yes — watch for: "most likely". Probability qualifier — the question wants the most probable cause or outcome, not a guaranteed one. Eliminate low-probability options.
What is the key concept behind this question?
Read the scenario before looking for a memorised answer.
About these practice questions
Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →
Same concept, more angles
4 more ways this is tested on 300-410
These questions test the same concept from different angles. Work through them to make sure you can recognise it however the exam phrases it.
Variation 1. In a 6to4 tunnel, how is the tunnel destination address determined?
medium- A.It is manually configured.
- ✓ B.It is derived from the IPv6 destination address using the 2002::/16 prefix.
- C.It is obtained via DNS.
- D.It is the same as the tunnel source.
Why B: In a 6to4 tunnel, the tunnel destination address is automatically derived from the IPv6 destination address by extracting the IPv4 address embedded in the 2002::/16 prefix. Specifically, the first 16 bits of the IPv6 destination are 2002, and the next 32 bits represent the IPv4 address of the remote 6to4 router. This allows the tunnel to be dynamically established without manual configuration of each destination.
Variation 2. In a 6to4 tunnel, what is the default IPv6 prefix assigned to the tunnel interface?
medium- A.2002::/16
- ✓ B.2002:IPv4-address::/48
- C.2001::/32
- D.3ffe::/16
Why B: In a 6to4 tunnel, the default IPv6 prefix assigned to the tunnel interface is 2002:IPv4-address::/48, where the IPv4 address of the tunnel source is embedded in the prefix. This is defined in RFC 3056, which specifies that the 6to4 prefix is 2002::/16, and the next 32 bits are the tunnel source's IPv4 address, resulting in a /48 prefix for the 6to4 site.
Variation 3. Which TWO statements correctly describe the behavior of automatic 6to4 tunneling? (Choose TWO.)
hard- ✓ A.The 6to4 prefix is 2002::/16, where the next 32 bits are the IPv4 address of the tunnel source in hexadecimal.
- ✓ B.A 6to4 relay router must have an IPv6 route to 2002::/16 pointing to the tunnel interface.
- C.6to4 tunnels can use private IPv4 addresses as the tunnel source.
- D.The 6to4 prefix is 2001::/16, and the IPv4 address is embedded in the interface ID.
- E.The tunnel interface must be configured with tunnel mode ipv6ip.
Why A: Option A is correct because RFC 3056 defines the 6to4 prefix as 2002::/16, and the next 32 bits are the IPv4 address of the tunnel source converted to hexadecimal. This embeds the IPv4 address directly into the IPv6 prefix, allowing automatic tunnel creation without explicit peer configuration.
Variation 4. Which loop prevention mechanism is inherent to 6to4 tunneling?
medium- A.Split horizon
- B.Reverse path forwarding (RPF) check
- ✓ C.Embedded IPv4 address validation
- D.TTL decrement
Why C: 6to4 tunneling uses an embedded IPv4 address in the IPv6 prefix (2002::/16) to automatically derive the tunnel destination. This inherent validation prevents routing loops by ensuring that a 6to4 router only accepts packets whose source IPv4 address matches the embedded address in the IPv6 source prefix, rejecting mismatched or spoofed traffic that could cause loops.
Last reviewed: Jun 24, 2026
This 300-410 practice question is part of Courseiva's free Cisco certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the 300-410 exam.
Question Discussion
Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.
Sign in to join the discussion.