Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IPv6 on ASA

Dear all,

I am trying do basic config on my Cisco ASA as below diagram:

IOS Router --- ASA --- PC

From ASA, i can ping both IOS router and PC. From PC, i can ping ASA inside and outside interface but can not ping IOS router.

My config are as below:


FIREWALL# sh ver

Cisco Adaptive Security Appliance Software Version 8.0(3)

Device Manager Version 6.0(2)

Compiled on Tue 06-Nov-07 22:59 by builders

System image file is "disk0:/asa803-k8.bin"

Config file at boot was "startup-config"

FIREWALL up 314 days 15 hours

failover cluster up 2 years 336 days

Hardware:   ASA5540-K8, 1024 MB RAM, CPU Pentium 4 2000 MHz

Internal ATA Compact Flash, 256MB

BIOS Flash AT49LW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)

                             Boot microcode   :  CN1000-MC-BOOT-2.00

                             SSL/IKE microcode:  CNLite-MC-SSLm-PLUS-2.01

                             IPSec microcode  :  CNlite-MC-IPSECm-MAIN-2.04

0: Ext: GigabitEthernet0/0  : address is 0019.e8c9.928e, irq 9

1: Ext: GigabitEthernet0/1  : address is 0019.e8c9.928f, irq 9

2: Ext: GigabitEthernet0/2  : address is 0019.e8c9.9290, irq 9

3: Ext: GigabitEthernet0/3  : address is 0019.e8c9.9291, irq 9

4: Ext: Management0/0       : address is 0019.e8c9.928d, irq 11

5: Int: Internal-Data0/0    : address is 0000.0001.0002, irq 11

6: Int: Not used            : irq 5

7: Ext: GigabitEthernet1/0  : address is 001a.2f94.59f6, irq 255

8: Ext: GigabitEthernet1/1  : address is 001a.2f94.59f7, irq 255

9: Ext: GigabitEthernet1/2  : address is 001a.2f94.59f8, irq 255

10: Ext: GigabitEthernet1/3  : address is 001a.2f94.59f9, irq 255

11: Int: Internal-Data1/0    : address is 0000.0003.0002, irq 255

Licensed features for this platform:

Maximum Physical Interfaces  : Unlimited

Maximum VLANs                : 200      

Inside Hosts                 : Unlimited

Failover                     : Active/Active

VPN-DES                      : Enabled  

VPN-3DES-AES                 : Enabled  

Security Contexts            : 2        

GTP/GPRS                     : Disabled 

VPN Peers                    : 5000     

WebVPN Peers                 : 2        

AnyConnect for Mobile        : Disabled 

AnyConnect for Linksys phone : Disabled 

Advanced Endpoint Assessment : Disabled  


ipv6 access-list 201 permit icmp any any

ipv6 access-list 201 permit object-group FDMZ any object-group FDMZ-IPV6

ipv6 access-list 201 permit object-group BDMZ any object-group BDMZ-IPV6

ipv6 access-list 203 permit ip any any

ipv6 access-list 203 permit icmp6 any any

ipv6 access-list 203 permit icmp any any

access-group 201 in interface OUTSIDE

access-group 203 in interface INSIDE


interface GigabitEthernet0/0

nameif OUTSIDE

security-level 0

ip address standby

ipv6 address 2405:da00:1:1::2/64

interface GigabitEthernet0/1

nameif INSIDE

security-level 30

ip address standby

ipv6 address 2405:da00:1:2::1/64

ipv6 enable

ipv6 nd prefix 2405:da00:1:2::/64 43200 43200

ipv6 route OUTSIDE ::/0 2405:da00:1:1::1

Any idea what is wrong?

CreatePlease login to create content