cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
348
Views
0
Helpful
1
Replies

Cisco asa 5505: No traffic lan to wan with IPv6

Jose Pena
Level 1
Level 1

Hello everybody,

I have a Cisco ASA 5505, public ipv6 in outside interface, private ipv6 in LAN, from router I can ping any ipv6 in Internet and ping my LAN ipv6. Traffic doesn't go through router.

This is my configuration.

interface Vlan1
 nameif inside
 security-level 100
 ip address PRIV-Saturn1 255.255.255.0
 ipv6 address fc00::1/7
 ipv6 enable
!
interface Vlan2
 nameif outside
 security-level 0
 ip address PUBLIC26 255.255.255.248
 ipv6 address xxxx:yyyy:67:36::2/64
 ipv6 enable
 ipv6 nd suppress-ra

access-list Dynamic_Filter_ACL extended permit tcp any6 any6

ipv6 route outside ::/0 xxx:yyyy:67:36::1

 

Am I omitting anything?

Thanks in advance for the help.

 

Jos P

1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

Since you're using IPv6 private addressing (fc00::) on the inside, you need a dynamic NAT entry to translate your private IPv6 addresses to a public one.

Alternatively, you could just use a subnet of your registered IPv6 block for the inside network and not worry about NAT.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: