Cisco Support Community
Community Member


Good Day.

My customer has ASAs running 8.2.1. We will migrate from IPv4 to IPv6; however, we want to know which is the recommended version for IPv6.


These are the features that we would like the ASAs to have. I just saw that on version 9.0.1 OSPFv3 is supported, but couldn't find RIP, QoS, CEF, etc. in the release notes. Can anyone recommend a version? If so, from 8.2.1 to 9.X.X do we need more RAM, CPU, etc. to upgrade?


Any information will be appreciated, many thanks.


IPv6 Routing

IPv6 routing: OSPF for IPv6 (OSPFv3)


IPv6 routing: RIP for IPv6 (RIPng)


IPv6 routing: route redistribution


IPv6 routing: static routing


IPv6 address types: Unicast


IPv6: ICMPv6


IPv6: ICMPv6 redirect


IPv6: IPv6 MTU path discovery


IPv6: IPv6 neighbor discovery


IPv6: IPv6 stateless autoconfiguration


IPv6: IPv6 static cache entry for neighbor discovery


IPv6: neighbor discovery duplicate address detection


IPv6: ping

IPv6 Data Link Layer

IPv6 data link: Ethernet, Fast Ethernet, Gigabit Ethernet, and 10-Gigabit Ethernet


IPv6 data link: VLANs using IEEE 802.1Q encapsulation

IPv6 Switching Services

IPv6 switching: Cisco Express Forwarding/ Distributed Cisco Express Forwarding Support

IPv6 QoS (Quality of Service)

IPv6 QoS: MQC packet classification


IPv6 QoS: MQC packet marking/re-marking


IPv6 QoS: MQC traffic policing


IPv6 QoS: MQC traffic shaping


IPv6 QoS: MQC weighted random early detection (WRED)-based drop


IPv6 QoS: queueing



I'm not sure about all of the specific things you are querying, but in general the IPv6 support is much more advanced in 9.x than in any of the 8's, and I would strongly recommend going to 9.0 or 9.1 if you want to run dual-stack with IPv6 enabled.  I'm running 9.0 dual-stack currently.  You definitely get all of the link layer types, ping, neighbor discovery including DAD, SLAAC, 802.1Q vlan tags, static routes, IPsec tunnels, etc. 

Don't forget that the clients will expect to see ICMPv6 router advertisements, and that the firewall (routed mode) or router (transparent mode) RA flags control the client DHCPv6 behaviors if they aren't static. In transparent mode you will have to pass at least ICMPv6 types 133-136 (router and neighbor solicit and advertise).

You do need more memory to get to 8.3 or later; check the release notes versus your current hardware.  The IPv4 NAT is completely different in the later versions (real unmapped addresses in the ACLs, heavy use of the new network objects), also as of 9.0 they unified the IPv4 and IPv6 access lists and groups, so that the "any" keyword is now dual-protocol; there are new "any4" and "any6" keywords for writing single-protocol ACLs.

-- Jim Leinweber, WI State Lab of Hygiene
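
The point above about `any` becoming dual-protocol in 9.0 can be checked against a config before IPv6 is enabled. The following is an added example, not code from the thread or from Cisco: it assumes entries in the 9.x `access-list NAME extended ...` form, reads only the source and destination address tokens, and uses constructed sample entries and hypothetical function names.

```python
import ipaddress

# Address keywords as described in the post: from 9.0, "any" is dual-protocol.
WILDCARDS = {"any": {4, 6}, "any4": {4}, "any6": {6}}
PORT_OPS = {"eq": 1, "neq": 1, "lt": 1, "gt": 1, "range": 2}  # operand counts
LABELS = {frozenset({4, 6}): "dual", frozenset({4}): "ipv4",
          frozenset({6}): "ipv6", frozenset(): "never-matches"}

def take_address(tok, i):
    """Consume one address spec at tok[i]; return (IP versions, next index)."""
    if tok[i] in WILDCARDS:
        return WILDCARDS[tok[i]], i + 1
    if tok[i] in ("object", "object-group"):
        return {4, 6}, i + 2          # definition not visible here: assume both
    if tok[i] == "host":
        return {ipaddress.ip_address(tok[i + 1]).version}, i + 2
    if "/" in tok[i]:                 # IPv6 prefix/length form
        return {ipaddress.ip_network(tok[i], strict=False).version}, i + 1
    return {ipaddress.ip_address(tok[i]).version}, i + 2   # IPv4 address + mask

def ace_families(line):
    """Label which IP versions one extended ACL entry can match."""
    tok = line.split()
    if len(tok) < 7 or tok[0] != "access-list" or tok[2] != "extended":
        raise ValueError("not an extended ACL entry: " + line)
    i = 6 if tok[4] in ("object", "object-group") else 5   # skip the protocol
    src, i = take_address(tok, i)
    if tok[i] in PORT_OPS:            # optional source port
        i += 1 + PORT_OPS[tok[i]]
    dst, _ = take_address(tok, i)
    return LABELS[frozenset(src & dst)]

# Constructed sample entries (documentation addresses), not from the thread.
SAMPLE = """\
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
access-list OUTSIDE_IN extended permit tcp any any eq 22
access-list OUTSIDE_IN extended permit tcp any4 any eq 25
access-list OUTSIDE_IN extended permit tcp any host 2001:db8::10 eq 443
access-list OUTSIDE_IN extended deny ip any4 any6
"""

def audit(config):
    """Return (label, entry) for every extended ACL entry in the config text."""
    return [(ace_families(l), l) for l in config.splitlines()
            if l.startswith("access-list") and " extended " in l]

if __name__ == "__main__":
    for label, entry in audit(SAMPLE):
        print(f"{label:14} {entry}")
```

Entries labelled `dual` are the ones to review: a permit written with `any` on both sides also admits IPv6 traffic once the interface has an IPv6 address.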

Community Member

Thanks. I'll try to see if I can go directly to version 9 and how this affects NAT and ACL; maybe it is "less intrusive" than version 8.3.

Any other advice, I'll read it. Regards!
