Does anybody know if the NAT changes introduced in 8.3(1) now allow me to pass protocol-41 traffic (ipv6-in-ipv4, ipv6 tunnel) through the ASA to my IPv6 tunnel broker?
On the inside of my ASA I have a Cisco 871 configured with a tunnel interface to SixXS for IPv6. The ASA only has one public IP.
I think I just figured this out myself. The crux is that a service specified in a NAT rule has to be a UDP or TCP service, not something altogether different. This solution may not be possible at all before 8.3, but this is what I'm in the middle of testing, and it seems to work so far.
object network local_endpoint
object network remote_endpoint
nat (inside,outside) source static local_endpoint interface destination static remote_endpoint remote_endpoint
access-list abcde extended permit 41 object remote_endpoint object local_endpoint
access-group abcde in interface outside
Some of this is copied right out of my config, and some is off the top of my head. If there's something here that's not right, please do correct me...
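An added example, not part of the original posts and not Cisco code: it parses a raw packet the way the `permit 41` ACL entry sees it, matching only the outer IPv4 protocol number and endpoint addresses, and reads out the inner IPv6 addresses that the entry never looks at. The function names and the documentation-range addresses are assumptions made for the illustration.

```python
import ipaddress
import struct

PROTO_6IN4 = 41  # IP protocol number matched by "permit 41"

def build_6in4(outer_src, outer_dst, inner_src, inner_dst):
    """Build a constructed sample packet: IPv4 header (checksum 0) + IPv6 header."""
    inner = struct.pack("!IHBB", 6 << 28, 0, 59, 64)  # 59 = no next header
    inner += ipaddress.IPv6Address(inner_src).packed
    inner += ipaddress.IPv6Address(inner_dst).packed
    outer = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(inner), 0, 0, 64,
                        PROTO_6IN4, 0,
                        ipaddress.IPv4Address(outer_src).packed,
                        ipaddress.IPv4Address(outer_dst).packed)
    return outer + inner

def classify(packet, remote_endpoint, local_endpoint):
    """Return (permitted, inner_src, inner_dst) for one raw IPv4 packet.

    permitted mirrors the ACL line: protocol 41, from remote_endpoint to
    local_endpoint. Inner addresses are None unless a full IPv6 header follows.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return (False, None, None)
    ihl = (packet[0] & 0x0F) * 4  # IPv4 header length in bytes
    if ihl < 20 or packet[9] != PROTO_6IN4:
        return (False, None, None)
    inner = packet[ihl:]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        return (False, None, None)
    src = ipaddress.IPv4Address(packet[12:16])
    dst = ipaddress.IPv4Address(packet[16:20])
    permitted = (src == ipaddress.IPv4Address(remote_endpoint)
                 and dst == ipaddress.IPv4Address(local_endpoint))
    return (permitted,
            str(ipaddress.IPv6Address(inner[8:24])),
            str(ipaddress.IPv6Address(inner[24:40])))

if __name__ == "__main__":
    # Constructed sample using documentation address ranges.
    pkt = build_6in4("192.0.2.1", "198.51.100.10", "2001:db8::1", "2001:db8::2")
    print(classify(pkt, "192.0.2.1", "198.51.100.10"))
```

Because the match is on the outer header alone, any IPv6 filtering for hosts behind the tunnel has to be applied where the tunnel terminates.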