03-29-2011 01:27 PM - edited 03-01-2019 05:26 PM
Hello.
I work for a small co-lo/hosting provider trying to be live for World IPv6 day. As such I have questions about BGP transitions and ASA support. I'll not ask them all at once though.
I plan to implement dual-stack for our hosting edge. Our ASAs are mostly set up using the ASDM "public servers" feature. I also plan to do transparent NAT (NAT 0) for v6. Are there any major caveats using 8.2(2) for this? 8.3 or 8.4 may be an option for us if I can get approval for mem upgraded but I'd like to stay with 8.2(2) for now.
Also, is there an IPv6 quick start guide or two for IPv6 on ASA by any chance?
Thanks
Sent from Cisco Technical Support iPhone App
Solved! Go to Solution.
04-04-2011 08:44 AM
Hi,
You are correct, when there is no NAT 0 configured, ipv6 traffic is still forwarded and is only subject to the access-control and security rules regardless of whether "nat-control" is enabled. This is different from how ipv4 is handled on the ASA.
Thanks,
Wen
04-01-2011 02:05 PM
There is IPv6 support in the ASA version 8.2.
We just posted an IPv6 Quick Start guide at https://supportforums.cisco.com/docs/DOC-15973 and would appreciate feedback on it.
The Public Servers features is a NAT/PAT feature. The good news is that the immense address space of IPv6 eliminates the need for NAT, you can just use use access lists to set up your policy.
04-04-2011 08:04 AM
Thanks for the link.
One thing I don't quite get: for IPv4 we need to use NAT0 or NAT exempt rules to make the same IP available from a DMZ to the outside. Are you saying this is not true for IPv6?
Sent from Cisco Technical Support iPhone App
04-04-2011 08:44 AM
Hi,
You are correct, when there is no NAT 0 configured, ipv6 traffic is still forwarded and is only subject to the access-control and security rules regardless of whether "nat-control" is enabled. This is different from how ipv4 is handled on the ASA.
Thanks,
Wen
04-04-2011 09:37 AM
That's awesome!!
But, since the ASA doesn't do proxy NDP I need to set static routes in my edge routers to point any /64s I use for DMZs to the ASA's outside interface, correct?
jk
04-04-2011 10:12 AM
Yes that's correct.
Thanks,
Wen
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide