I'm going to implement IPv6, and for the past few weeks I've been looking for designs, documentation and tips to make the best of it and take full advantage of IPv6. However, even Cisco's documentation is based mostly on IPv4, and IPv6 is mentioned just as an additional option. Also, my experience is mostly with IPv4, and therefore I would greatly appreciate advice, tips and recommendations specifically on design and best practices.
Though I need to keep some IPv4 in place just to have interoperability with those who don't have IPv6, I could use IPv6 only as I'm fully IPv6 'ready'.
The requirements are very simple and straightforward: everything is based on an ASA 5520 with two external and two internal interfaces, and a good 90% of the traffic is VPN. On the external interfaces I need some 200 site-to-site VPN connections, mostly with Cisco 800 series, around 400 remote-access VPN connections, and access to a DMZ with an email server. On the internal interfaces I've got all the servers; all internet/web traffic should go through a proxy.
    external/VPN <----> \
    external/VPN <----> - ASA 5520 = SG300 - internal servers
    management   <----> /    |
                            DMZ / external servers
All internal servers and communication can use IPv6 only; the management IP address is IPv4; the external server can have IPv4 as well as IPv6 because not everyone is on IPv6; plus a backup IPv4 VPN in case someone has to connect through an ISP without IPv6 support.
In the IPv4 world I would keep the ASA 5520 in routed mode, with all internal traffic on private address ranges and NAT/proxy if external access is required. However, I'm not sure if that is the best for IPv6 as well, so I would appreciate any suggestions, recommendations and configuration tips.