cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
541
Views
0
Helpful
2
Replies

access-list to IPv6 on Pix

sercopi
Level 1
Level 1

Good evening I have a customer which would try IPv6 on his host.

His host server is allocated on a DMZ on my Pix 525 rel.7.1(2).

Now i must put an ACL that permit IPv6 on his host.

How can write an ACL to permit IPv6 traffic from and to this host server?

Any information that you can send ne are welcomed.

Best Regards

Davide

2 Replies 2

a.kiprawih
Level 7
Level 7

Hi Davide,

The IPv6 ACL looks very similar to normal (IPv4) ACL, except for the 'ipv6' keyword and addressing part. You have to enable IPv6 on the DMZ interface and on the interface where the incoming IPv6 is coming, e.g outside interface. But you can also use dual-stack (IPv4-to-IPv6) if required.

Example

hostname(config)# ipv6 access-list id [line num] {permit | deny} protocol source

[src_port] destination [dst_port]

ipv6 access-list outacl permit tcp 2001:400:2:1::/64 2001:400:1:1::/64 eq www

More details on IPv6 ACL is available at:

http://www.cisco.com/en/US/partner/products/ps6120/products_configuration_guide_chapter09186a008054d50c.html

Rgds,

AK

Hi Amrih,

thank's very much for your answer and for the link that you suggested me, it's the first time to me to configure IPv6 on a appliance.

I think I'll be use dual stack (IPv4-to-IPv6) because all my network address plan is IPv4, an this is the first request of IPv6 support.

Thank's very much for your support.

Best Regards

Davide

Review Cisco Networking for a $25 gift card