IPV6 on ASA

pgibran
Level 1

Good Day.

My customer has ASAs running 8.2.1. We will migrate from IPv4 to IPv6; however, we want to know which version is recommended for IPv6.

These are the features that we would like the ASAs to have. I just saw that OSPFv3 is supported in version 9.0.1, but couldn't find RIP, QoS, CEF, etc. in the release notes. Can anyone recommend a version? If so, from 8.2.1 to 9.X.X, do we need more RAM, CPU, etc. to upgrade?

Any information will be appreciated, many thanks.

IPv6 Routing
IPv6 routing: OSPF for IPv6 (OSPFv3)
IPv6 routing: RIP for IPv6 (RIPng)
IPv6 routing: route redistribution
IPv6 routing: static routing

IPv6
IPv6 address types: Unicast
IPv6: ICMPv6
IPv6: ICMPv6 redirect
IPv6: IPv6 MTU path discovery
IPv6: IPv6 neighbor discovery
IPv6: IPv6 stateless autoconfiguration
IPv6: IPv6 static cache entry for neighbor discovery
IPv6: neighbor discovery duplicate address detection
IPv6: ping

IPv6 Data Link Layer
IPv6 data link: Ethernet, Fast Ethernet, Gigabit Ethernet, and 10-Gigabit Ethernet
IPv6 data link: VLANs using IEEE 802.1Q encapsulation

IPv6 Switching Services
IPv6 switching: Cisco Express Forwarding/Distributed Cisco Express Forwarding Support

IPv6 QoS (Quality of Service)
IPv6 QoS: MQC packet classification
IPv6 QoS: MQC packet marking/re-marking
IPv6 QoS: MQC traffic policing
IPv6 QoS: MQC traffic shaping
IPv6 QoS: MQC weighted random early detection (WRED)-based drop
IPv6 QoS: queueing

 

2 Replies

James Leinweber
Level 4

I'm not sure about all of the specific things you are querying, but in general the IPv6 support is much more advanced in 9.x than in any of the 8's, and I would strongly recommend going to 9.0 or 9.1 if you want to run dual-stack with IPv6 enabled.  I'm running 9.0 dual-stack currently.  You definitely get all of the link layer types, ping, neighbor discovery including DAD, SLAAC, 802.1Q vlan tags, static routes, IPsec tunnels, etc. 

Don't forget that the clients will expect to see ICMPv6 router advertisements, and that the firewall (routed mode) or router (transparent mode) RA flags control the client DHCPv6 behaviors if they aren't static. In transparent mode you will have to pass at least ICMPv6 types 133-136 (router & neighbor solicit & advertise).

You do need more memory to get to 8.3 or later; check the release notes versus your current hardware.  The IPv4 NAT is completely different in the later versions (real unmapped addresses in the ACLs, heavy use of the new network objects), also as of 9.0 they unified the IPv4 and IPv6 access lists and groups, so that the "any" keyword is now dual-protocol; there are new "any4" and "any6" keywords for writing single-protocol ACLs.

-- Jim Leinweber, WI State Lab of Hygiene
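An added example, not part of the reply above and not Cisco tooling: a short Python audit that applies the 9.0 keyword semantics described in the reply ("any" is dual-protocol, "any4" and "any6" are single-protocol) to a saved config and lists the permit entries that cover both IPv4 and IPv6. The function names, the sample ACL lines, and the simplification that object and object-group references place no restriction are assumptions of this sketch.

```python
import re

# Constructed sample entries in unified-ACL style (not taken from the thread).
SAMPLE_CONFIG = """\
access-list OUTSIDE_IN remark constructed sample
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
access-list OUTSIDE_IN extended permit tcp any4 host 192.0.2.11 eq 25
access-list OUTSIDE_IN extended permit icmp6 any6 any6 135
access-list INSIDE_OUT extended permit ip any any
access-list INSIDE_OUT extended deny udp any6 any6 eq 53
"""

IPV4_LITERAL = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def families(ace_tokens):
    """Return the address families ('v4', 'v6') an entry can still match.

    Start from both families and narrow on every token that pins one:
    any4, an IPv4 literal or the icmp protocol pin IPv4; any6, an IPv6
    literal or icmp6 pin IPv6. A plain 'any' narrows nothing.
    """
    fams = {"v4", "v6"}
    for tok in ace_tokens:
        if tok in ("any4", "icmp") or IPV4_LITERAL.match(tok):
            fams &= {"v4"}
        elif tok in ("any6", "icmp6") or ":" in tok:
            fams &= {"v6"}
    return fams


def dual_stack_permits(config):
    """List (acl_name, line) for extended permit entries matching both families."""
    findings = []
    for line in config.splitlines():
        tok = line.split()
        # Assumed layout: access-list NAME extended permit|deny ...
        if len(tok) < 5 or tok[0] != "access-list" or tok[2] != "extended":
            continue
        if tok[3] == "permit" and families(tok[4:]) == {"v4", "v6"}:
            findings.append((tok[1], line.strip()))
    return findings


if __name__ == "__main__":
    for name, line in dual_stack_permits(SAMPLE_CONFIG):
        print(f"{name}: dual-protocol permit -> {line}")
```

Each flagged line is a candidate for review: decide whether the IPv6 reach is intended, or rewrite the entry with "any4" or "any6".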

Thanks.

I'll try to see if I can go directly to version 9 and how this affects NAT and ACLs; maybe it is "less intrusive" than version 8.3.

Any other advice, I'll read it. Regards!
