Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5599
Views
5
Helpful
5
Replies

IPv6 support in ASA 8.2(2)

Go to solution
jkirby
Level 1
Level 1

‎03-29-2011 01:27 PM - edited ‎03-01-2019 05:26 PM

Hello.

I work for a small co-lo/hosting provider trying to be live for World IPv6 day. As such I have questions about BGP transitions and ASA support. I'll not ask them all at once though.

I plan to implement dual-stack for our hosting edge. Our ASAs are mostly set up using the ASDM "public servers" feature. I also plan to do transparent NAT (NAT 0) for v6. Are there any major caveats using 8.2(2) for this? 8.3 or 8.4 may be an option for us if I can get approval for mem upgraded but I'd like to stay with 8.2(2) for now.

Also, is there an IPv6 quick start guide or two for IPv6 on ASA by any chance?

Thanks

Sent from Cisco Technical Support iPhone App

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
wzhang
Cisco Employee
Cisco Employee
In response to jkirby

‎04-04-2011 08:44 AM

Hi,

You are correct, when there is no NAT 0 configured, ipv6 traffic is still forwarded and is only subject to the access-control and security rules regardless of whether "nat-control" is enabled. This is different from how ipv4 is handled on the ASA.

Thanks,

Wen

View solution in original post

5 Replies 5

Go to solution
Phillip Remaker
Cisco Employee
Cisco Employee

‎04-01-2011 02:05 PM

There is IPv6 support in the ASA version 8.2.

We just posted an IPv6 Quick Start guide at https://supportforums.cisco.com/docs/DOC-15973 and would appreciate feedback on it.

The Public Servers features is a NAT/PAT feature.  The good news is that the immense address space of IPv6 eliminates the need for NAT, you can just use use access lists to set up your policy.

0 Helpful

Go to solution
jkirby
Level 1
Level 1
In response to Phillip Remaker

‎04-04-2011 08:04 AM

Thanks for the link.

One thing I don't quite get: for IPv4 we need to use NAT0 or NAT exempt rules to make the same IP available from a DMZ to the outside. Are you saying this is not true for IPv6?

Sent from Cisco Technical Support iPhone App

0 Helpful

Go to solution
wzhang
Cisco Employee
Cisco Employee
In response to jkirby

‎04-04-2011 08:44 AM

Hi,

You are correct, when there is no NAT 0 configured, ipv6 traffic is still forwarded and is only subject to the access-control and security rules regardless of whether "nat-control" is enabled. This is different from how ipv4 is handled on the ASA.

Thanks,

Wen

Go to solution
jkirby
Level 1
Level 1
In response to wzhang

‎04-04-2011 09:37 AM

That's awesome!!

But, since the ASA doesn't do proxy NDP I need to set static routes in my edge routers to point any /64s I use for DMZs to the ASA's outside interface, correct?

jk

0 Helpful

Go to solution
wzhang
Cisco Employee
Cisco Employee
In response to jkirby

‎04-04-2011 10:12 AM

Yes that's correct.

Thanks,

Wen

0 Helpful
Customers Also Viewed These Support Documents