Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

access-list to IPv6 on Pix

Good evening I have a customer which would try IPv6 on his host.

His host server is allocated on a DMZ on my Pix 525 rel.7.1(2).

Now i must put an ACL that permit IPv6 on his host.

How can write an ACL to permit IPv6 traffic from and to this host server?

Any information that you can send ne are welcomed.

Best Regards

Davide

2 REPLIES

Re: access-list to IPv6 on Pix

Hi Davide,

The IPv6 ACL looks very similar to normal (IPv4) ACL, except for the 'ipv6' keyword and addressing part. You have to enable IPv6 on the DMZ interface and on the interface where the incoming IPv6 is coming, e.g outside interface. But you can also use dual-stack (IPv4-to-IPv6) if required.

Example

hostname(config)# ipv6 access-list id [line num] {permit | deny} protocol source

[src_port] destination [dst_port]

ipv6 access-list outacl permit tcp 2001:400:2:1::/64 2001:400:1:1::/64 eq www

More details on IPv6 ACL is available at:

http://www.cisco.com/en/US/partner/products/ps6120/products_configuration_guide_chapter09186a008054d50c.html

Rgds,

AK

New Member

Re: access-list to IPv6 on Pix

Hi Amrih,

thank's very much for your answer and for the link that you suggested me, it's the first time to me to configure IPv6 on a appliance.

I think I'll be use dual stack (IPv4-to-IPv6) because all my network address plan is IPv4, an this is the first request of IPv6 support.

Thank's very much for your support.

Best Regards

Davide

267
Views
0
Helpful
2
Replies
CreatePlease to create content