Hi everyone,

I tried to create an ACL for IPv6. But the acl always drops my packetes. Only in case I allow an Permit Icmp6 any any statement. It works.

With detailed IPv6 entries. I have got drops.

ipv6 access-list ipv6-inside; 6 elements; name hash: 0xd5eb1808

ipv6 access-list ipv6-inside line 1 permit ip host fe80::21d:71ff:fe99:d1c0 any log informational interval 300 (hitcnt=0) 0xbb4badda

ipv6 access-list ipv6-inside line 2 permit ip host 2001:a128:0:170::1 any log informational interval 300 (hitcnt=0) 0x473626da

ipv6 access-list ipv6-inside line 3 permit ip 2001:a128:0:170::/64 any log informational interval 300 (hitcnt=0) 0x5b6258d3

ipv6 access-list ipv6-inside line 4 permit icmp6 2001:a128:0:170::/64 any log informational interval 300 (hitcnt=0) 0x7778f0a9

ipv6 access-list ipv6-inside line 5 deny ip any any log informational interval 300 (hitcnt=45) 0x3b6a5ff9

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

This is the one with the permit icmp6 any any statement, it works !!

ipv6 access-list ipv6-inside; 6 elements; name hash: 0xd5eb1808

ipv6 access-list ipv6-inside line 1 permit ip host fe80::21d:71ff:fe99:d1c0 any log informational interval 300 (hitcnt=0) 0xbb4badda

ipv6 access-list ipv6-inside line 2 permit ip host 2001:a128:0:170::1 any log informational interval 300 (hitcnt=0) 0x473626da

ipv6 access-list ipv6-inside line 3 permit ip 2001:a128:0:170::/64 any log informational interval 300 (hitcnt=0) 0x5b6258d3

ipv6 access-list ipv6-inside line 4 permit icmp6 2001:a128:0:170::/64 any log informational interval 300 (hitcnt=0) 0x7778f0a9

ipv6 access-list ipv6-inside line 5 permit icmp6 any any log informational interval 300 (hitcnt=2) 0x588e9e81

ipv6 access-list ipv6-inside line 6 deny ip any any log informational interval 300 (hitcnt=45) 0x3b6a5ff9

Has anybody an idea what is wrong with the dedicated entries?

THX,

Ingo