Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX and IPv6 help needed


I am trying to enable my PIX for IPv6, so that I can connect from my internal LAN into my DMZ. But I run into some problems and I am not sure if I understand the IPv6 inplementation on the PIX correctly.

In IPv4 I can create a connection from host A on an interface with a higher security level to host B on an interface with a lower security level, right? I do not need to configure any access lists to do that, the PIX automatically takes care that traffic that belongs to that connection can pass from A to B and from B to A, right ? I tried the same thing for IPv6, and I could send traffic from A to B, but the traffic back from B to A was blocked ( icmpv6 this example, but also tcp connections didn't work ).

So I would like to know if the PIX is allready able to do for IPv6 traffic. Can it only do static access-lists for IPv6 ??? Or should it be able to the same things for IPv6 as for IPv4 ( especially the statefull inspection and lets call it "dynamic access list" features ) ?????

Thanks, Ruediger


Re: PIX and IPv6 help needed

When entering IPv6 addresses in commands that support them, simply enter the IPv6 address using standard IPv6 notation, for example ping fe80::2e0:b6ff:fe01:3b7a. The security appliance correctly recognizes and processes the IPv6 address. However, you must enclose the IPv6 address in square brackets ([ ]) in the following situations:

You need to specify a port number with the address, for example [fe80::2e0:b6ff:fe01:3b7a]:8080.

The command uses a colon as a separator, such as the write net and config net commands. For example, configure net [fe80::2e0:b6ff:fe01:3b7a]:/tftp/config/pixconfig.

For more information refer to following url: