I finally got an IPv6 tunnel going on my Netscreen SSG 5. So I thought I'd post the relevant configuration details here.
I'm currently running ScreenOS 5.4.0r3a0; there seems to be some WebUI bugs with IPv6 so it is best to do it via the command line.
Update: I just got a response back from JTAC. IPv6 is only supported on the ISG2000. So I'm unsure when/if it the WebUI bugs will be fixed.
Update2: IPv6 is now supported on the SSG 5 under screenos 6, the WEBUI bug has been fixed.
Background info:
The first step is to enable IPv6 on your Netscreen.
Type the following then save your config and restart the device:
Now let's setup the trust interface:
So we've setup my trust interface with the IPv6 subnet and autoconfiguration should be working.
Now let's setup a tunnel interface for the traffic to run through:
Now we'll setup a static route for IPv6 traffic to go through:
And finally we need to setup a policy to allow traffic out:
You may want to setup some policies to allow traffic in too.
That should be all you need to do.