
IPv6 configuration on ASA-firewall

sincerefrank366
Level 1

Compliments.

Please, I need direction for a network that has IPv4 and IPv6 together. On the ASA firewall, I could not enter the IPv6 access-list permit statement configuration, but I was able to configure IPv6 addresses on the firewall interfaces with OSPFv3 dynamic routing. There are no issues with IPv4; my challenge is that the access-list statement to permit IPv6 ICMP/TCP pings across the firewall could not be established. I'm using Packet Tracer version 8.2.0.

Many thanks.   

2 Accepted Solutions


I think your Packet Tracer software simulates an ASA with a 9.x firmware, so there are no separate access-lists for IPv4 and IPv6 in Packet Tracer. You have to use a combined access-list for IPv4 and IPv6. In my eyes, the combined access-list is easier to handle than separate access-lists for IPv4 and IPv6.

For example, if you want to allow SSH via IPv4 and via IPv6 from anywhere, you may use

access-list allow-ssh extended permit tcp any4 any4 eq ssh

access-list allow-ssh extended permit tcp any6 any6 eq ssh

or you may simply use instead

access-list allow-ssh extended permit tcp any any eq ssh

which combines the 2 above lines. If I remember correctly, you cannot upgrade or downgrade firmware on the simulated devices in Packet Tracer; you have to live with what Packet Tracer provides (which should be sufficient for what you have to learn for CCNA exams).

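An added example (not part of the original post and not Cisco code): a small Python check that reports which address families unified-ACL entries of the forms shown above cover, and lists permit entries that reach IPv6 through a plain `any` keyword. It parses only the `any`/`any4`/`any6` forms from this thread; the ACL names `allow-ssh-any` and `web` are constructed sample values.

```python
import re

# Families matched by the ASA 9.x address keywords discussed in the thread.
FAMILIES = {"any": {"ipv4", "ipv6"}, "any4": {"ipv4"}, "any6": {"ipv6"}}
ACE_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+extended\s+(?P<action>permit|deny)\s+"
    r"(?P<proto>\S+)\s+(?P<src>any[46]?)\s+(?P<dst>any[46]?)"
    r"(?:\s+eq\s+(?P<port>\S+))?\s*$")

def parse_ace(line):
    """Parse one entry of the any/any4/any6 form; None for anything else."""
    m = ACE_RE.match(line.strip())
    if not m:
        return None
    ace = m.groupdict()
    # Assumption: no NAT46/NAT64, so an entry covers a family only when both
    # its source and destination keywords include that family.
    ace["families"] = FAMILIES[ace["src"]] & FAMILIES[ace["dst"]]
    return ace

def audit(config):
    """Map ACL name -> {(proto, port): families permitted by its entries}."""
    report = {}
    for ace in filter(None, map(parse_ace, config.splitlines())):
        if ace["action"] == "permit":
            key = (ace["proto"], ace["port"])
            report.setdefault(ace["name"], {}).setdefault(key, set()).update(ace["families"])
    return report

def ipv6_via_plain_any(config):
    """Permit entries that reach IPv6 through a plain 'any' keyword."""
    return [line.strip() for line in config.splitlines()
            if (ace := parse_ace(line)) and ace["action"] == "permit"
            and "any" in (ace["src"], ace["dst"]) and "ipv6" in ace["families"]]

# Constructed sample: the thread's entries plus a hypothetical IPv4-only rule.
SAMPLE = """\
access-list allow-ssh extended permit tcp any4 any4 eq ssh
access-list allow-ssh extended permit tcp any6 any6 eq ssh
access-list allow-ssh-any extended permit tcp any any eq ssh
access-list web extended permit tcp any4 any4 eq www
"""

if __name__ == "__main__":
    for name, rules in audit(SAMPLE).items():
        for (proto, port), fams in rules.items():
            print(f"{name}: {proto}/{port} -> {sorted(fams)}")
    print("plain 'any' reaching IPv6:", ipv6_via_plain_any(SAMPLE))
```

The two-line `any4`/`any6` form and the single `any any` line report the same coverage, while the `any4`-only rule stays IPv4-only.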

Alright, I now understand. Many thanks for your help and supportive advice, I really appreciate it.


9 Replies

marce1000
VIP

- Community group for Packet Tracer project questions

 M.



-- Each morning when I wake up and look into the mirror I always say 'Why am I so brilliant?'
    When the mirror will then always respond to me with 'The only thing that exceeds your brilliance is your beauty!'

jilse-iph
Level 1

Separate access-lists for IPv4 and IPv6 were used in firmware versions up to 8.x (if I remember correctly), and those versions are really ancient and should not be used in production anymore ...

Newer firmware versions use combined access-lists for IPv4 and IPv6 and do not support separate access-lists for IPv4 and IPv6 on the same interface anymore.

sincerefrank366
Level 1

Thanks. So, what firmware version should I download?

Hi @sincerefrank366 ,

What @jilse-iph is referring to is the limitation with the ASA physical and virtual appliance. The situation you are experiencing is specific to Cisco Packet Tracer. Unfortunately, configuring an ipv6 ACL or a combined ipv4 and ipv6 ACL doesn't seem to be currently supported in CPT.

This will definitely work in CML or GNS3 using the ASAv.

Regards,  

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

It was long ago that I used Packet Tracer to simulate networks. I did not remember about the quality of IPv6 support in Packet Tracer ...


sincerefrank366
Level 1

Thanks Harold, I do appreciate.

You are very welcome @sincerefrank366 and thanks for the feedback

Harold Ritter
