
Pix 515 and IPV6

I have a PIX 515 with 3 interfaces running PIX software 7.1(1).

e0 outside 3ffe:xxxx::101/64

e1 frontporch 3ffe:xxxx:1:101/64

e2 inside 3ffe:xxxx:2:101/64

All interfaces have IPv6 enabled, neighbor discovery disabled, and router advertisement suppressed.

I would like to host a web server on the frontporch zone of the firewall.

I need the web server to be accessible via ::/0 (the internet) as well as from the inside, 3ffe:xxxx:2::/64.

I added the following access list:

ipv6 access-list incoming permit tcp any eq www host 3ffe:xxxx:1::a6a6

access-group incoming in interface outside

What else am I missing?

For debugging, I added another access list entry with ICMP enabled:

ipv6 access-list incoming permit icmp6 any any

From the inside address I can communicate with the outside ::/0 (sprintv6.net), but I am unable to communicate with hosts on the frontporch from the outside or the inside.

Firefox can't establish a connection to the server at [3ffe:xxxx:1::a6a6]

The security levels are 0 for outside, 10 for frontporch and 100 for inside.

Any advice you could offer would be beneficial.

1 REPLY

Re: Pix 515 and IPV6

ipv6 access-list incoming permit tcp any eq www host 3ffe:xxxx:1::a6a6


Looks like you can't get to the server since the source is "any eq www", which isn't the case. The source would be some dynamically generated TCP port; it's the destination that is eq www. So it probably should be:

ipv6 access-list incoming permit tcp any host 3ffe:xxxx:1::a6a6 eq www

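The point made in the reply, as an added example that is not part of the original thread: a minimal Python matcher for the access-list entry form used above, showing why `any eq www` in the source position rejects a browser's SYN while the corrected entry permits it. The addresses use the 2001:db8::/32 documentation prefix in place of the redacted 3ffe:xxxx values, and the client address and source port are constructed.

```python
import ipaddress

PORT_NAMES = {"www": 80}  # only the named port used in this thread

def _endpoint(tok):
    """Consume 'any' | 'host ADDR' | 'PREFIX/LEN', then an optional 'eq PORT'."""
    word = tok.pop(0)
    if word == "any":
        net = ipaddress.ip_network("::/0")
    elif word == "host":
        net = ipaddress.ip_network(tok.pop(0) + "/128")
    else:
        net = ipaddress.ip_network(word, strict=False)
    port = None
    if tok and tok[0] == "eq":
        name = tok[1]
        del tok[:2]
        port = PORT_NAMES[name] if name in PORT_NAMES else int(name)
    return net, port

def parse_ace(line):
    tok = line.split()
    if tok[:2] != ["ipv6", "access-list"]:
        raise ValueError("not an ipv6 access-list entry")
    ace = {"action": tok[3], "proto": tok[4]}
    rest = tok[5:]
    ace["src"], ace["sport"] = _endpoint(rest)   # source comes first ...
    ace["dst"], ace["dport"] = _endpoint(rest)   # ... then destination
    return ace

def evaluate(acl_lines, pkt):
    """First matching entry wins; no match falls through to the implicit deny."""
    for ace in map(parse_ace, acl_lines):
        if (pkt["proto"] == ace["proto"]
                and ipaddress.ip_address(pkt["src"]) in ace["src"]
                and ipaddress.ip_address(pkt["dst"]) in ace["dst"]
                and ace["sport"] in (None, pkt["sport"])
                and ace["dport"] in (None, pkt["dport"])):
            return ace["action"]
    return "deny"

# Constructed sample data: documentation-prefix stand-ins for the redacted addresses.
SERVER = "2001:db8:1::a6a6"
ORIGINAL = f"ipv6 access-list incoming permit tcp any eq www host {SERVER}"
CORRECTED = f"ipv6 access-list incoming permit tcp any host {SERVER} eq www"
CLIENT_SYN = {"proto": "tcp", "src": "2001:db8:ffff::10", "sport": 51514,
              "dst": SERVER, "dport": 80}

if __name__ == "__main__":
    print("original :", evaluate([ORIGINAL], CLIENT_SYN))
    print("corrected:", evaluate([CORRECTED], CLIENT_SYN))
```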