Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2987
Views
5
Helpful
2
Replies

ICMPv6 and firewall clarification

mocah
Level 1
Level 1

‎10-10-2011 05:11 AM - edited ‎03-01-2019 05:30 PM

Hello all,

I was just reading that some ICMPv6 types must be permitted over firewall rules in both directions. Does this mean that even if current rules on firewall  allows only access from LAN to Internet (all traffic from Internet to LAN is blocked) firewall rules should allow some ICMPv6 types from Internet to LAN?

If so which icmpv6 types must be allowed from internet to LAN (Fragmentation, packet-to-big)?

Thank you and kind regards,

Marko

Labels:
0 Helpful
2 Replies 2

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎10-10-2011 05:39 AM

Marko,

ND, DAD, PMTUD will depend on ICMPv6 being allowed through.

Any traffic filtering should allow those.

if you're looking for brief overview, NIST guys have compiled it:

http://csrc.nist.gov/publications/nistpubs/800-119/sp800-119.pdf

Section 3.5 to be specific.

Marcin

mocah
Level 1
Level 1
In response to Marcin Latosiewicz

‎10-10-2011 11:35 PM

Dear Marcin,

thank you

Kind regards,

Marko

0 Helpful
Customers Also Viewed These Support Documents