Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1477
Views
5
Helpful
2
Replies

ASA 5505 to 5505 IPv6 VPN over IPv4 Internet connection

2044418Puts
Level 1
Level 1

‎10-06-2010 08:00 AM

Hi, I would like to know if it is possible to build an IPv6 VPN over a IPv4 network using ASA's, like this:

ipv6 access-list VPN_IPV6_ACL permit ip 2001:470:aaaa:aaaa::/64 2001:470:bbbb:bbbb::/64

crypto map OUTSIDE_CM 40 match address VPN_IPV6_ACL
crypto map OUTSIDE_CM 40 set pfs group5
crypto map OUTSIDE_CM 40 set peer 10.10.10.10

crypto map OUTSIDE_CM 40 set transform-set ESP-AES256-SHA
crypto map OUTSIDE_CM 40 set security-association lifetime seconds 28800
crypto map OUTSIDE_CM 40 set security-association lifetime kilobytes 4608000
crypto map OUTSIDE_CM 40 set reverse-route

Is this possible? Thanks!

Labels:
0 Helpful
2 Replies 2

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎10-06-2010 11:26 AM

Only on ASA 8.3.

http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/site2sit.html#wp1055829

"The adaptive security appliances have IPv6 inside  networks and the outside network is IPv4 (IPv6 addresses on the inside  interface and IPv4 addresses on the outside interfaces)."

HTH,

Marcin

Yudong Wu
Level 7
Level 7

‎10-06-2010 11:27 AM

copying from the release notes

http://www.cisco.com/en/US/partner/docs/security/asa/asa83/release/notes/asarn83.html

For LAN-to-LAN connections using mixed IPv4 and IPv6 addressing, or all  IPv6 addressing, the adaptive security appliance supports VPN tunnels if  both peers are Cisco ASA 5500 series adaptive security appliances, and  if both inside networks have matching addressing schemes (both IPv4 or  both IPv6).

Specifically, the following topologies are supported when both peers are Cisco ASA 5500 series adaptive security appliances:

The  adaptive security appliances have IPv4 inside networks and the outside  network is IPv6 (IPv4 addresses on the inside interfaces and IPv6  addresses on the outside interfaces).

The  adaptive security appliances have IPv6 inside networks and the outside  network is IPv4 (IPv6 addresses on the inside interface and IPv4  addresses on the outside interfaces).

The  adaptive security appliances have IPv6 inside networks and the outside  network is IPv6 (IPv6 addresses on the inside and outside interfaces).

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents