https://community.cisco.com/t5/network-security/blocking-ipv6-on-asa/m-p/5152896#M1114715 <P>I believe that in the routed firewall mode ASA drops all IPv6 if IPv6 addresses are not configured on ASA interfaces, simply because its IPv6 routing table is empty in this case. Transparent firewall mode also requires IPv6 address to be configured.</P><P>NB. In ASA ACLs "any" means "any4" OR "any6", so if IPv6 addresses are configured on ASA interfaces, it may let IPv6 through "any" depending on your configuration.</P><P>HTH</P><P>&nbsp;</P> Mon, 29 Jul 2024 14:29:31 GMT tvotna 2024-07-29T14:29:31Z https://community.cisco.com/t5/network-security/blocking-ipv6-on-asa/m-p/5151780#M1114664 <P>Hi All,</P><P>is IPv6 blocked on Cisco ASA by default? we are running version 9.12 currently and have received a request to block an IPv6 address&nbsp; and I am pretty sure we haven't used IPv6 in our environment before. So was wondering if we need to take any action on the same.&nbsp;</P><P>Regards,</P><P>Vijay</P> Fri, 26 Jul 2024 10:41:59 GMT https://community.cisco.com/t5/network-security/blocking-ipv6-on-asa/m-p/5151780#M1114664 vijay4211 2024-07-26T10:41:59Z https://community.cisco.com/t5/network-security/blocking-ipv6-on-asa/m-p/5151783#M1114666 <P>Do you have any attack to your VPN service and you want to deny this IP to access ASA?</P> <P>MHM</P> Fri, 26 Jul 2024 10:52:05 GMT https://community.cisco.com/t5/network-security/blocking-ipv6-on-asa/m-p/5151783#M1114666 MHM Cisco World 2024-07-26T10:52:05Z https://community.cisco.com/t5/network-security/blocking-ipv6-on-asa/m-p/5151812#M1114667 <P>Hi MHM,</P><P>No, not for this. Actually this is an internet facing firewall and we block malicious IPs coming on our outside interface as provided by our SOC advisories. But this is the first time we have received a request for an IPv6 address.</P> Fri, 26 Jul 2024 11:53:14 GMT https://community.cisco.com/t5/network-security/blocking-ipv6-on-asa/m-p/5151812#M1114667 vijay4211 2024-07-26T11:53:14Z https://community.cisco.com/t5/network-security/blocking-ipv6-on-asa/m-p/5152088#M1114673 <P>Anyone has any idea on whether we should be blocking this Ipv6 address through, say an ACL, or will it get blocked by default?</P> Sat, 27 Jul 2024 06:49:58 GMT https://community.cisco.com/t5/network-security/blocking-ipv6-on-asa/m-p/5152088#M1114673 vijay4211 2024-07-27T06:49:58Z https://community.cisco.com/t5/network-security/blocking-ipv6-on-asa/m-p/5152896#M1114715 <P>I believe that in the routed firewall mode ASA drops all IPv6 if IPv6 addresses are not configured on ASA interfaces, simply because its IPv6 routing table is empty in this case. Transparent firewall mode also requires IPv6 address to be configured.</P><P>NB. In ASA ACLs "any" means "any4" OR "any6", so if IPv6 addresses are configured on ASA interfaces, it may let IPv6 through "any" depending on your configuration.</P><P>HTH</P><P>&nbsp;</P> Mon, 29 Jul 2024 14:29:31 GMT https://community.cisco.com/t5/network-security/blocking-ipv6-on-asa/m-p/5152896#M1114715 tvotna 2024-07-29T14:29:31Z https://community.cisco.com/t5/network-security/blocking-ipv6-on-asa/m-p/5152902#M1114717 <P>defualt behavior of asa is prevent any traffic from low to high secuirty even if you not config ACL and this inlcude both ipv4 and ipv6</P> <P>But to be sure I run lab yesterday to add ipv6 access-list any any log&nbsp; to OUT of asa but the command is unknown'&nbsp;</P> <P>Sorry I have limit time these day I will try soon and update you when I sucess</P> <P>Thanks&nbsp;</P> <P>MHM</P> Mon, 29 Jul 2024 15:00:11 GMT https://community.cisco.com/t5/network-security/blocking-ipv6-on-asa/m-p/5152902#M1114717 MHM Cisco World 2024-07-29T15:00:11Z