06-16-2006 06:35 AM - edited 02-21-2020 12:58 AM
Good evening I have a customer which would try IPv6 on his host.
His host server is allocated on a DMZ on my Pix 525 rel.7.1(2).
Now i must put an ACL that permit IPv6 on his host.
How can write an ACL to permit IPv6 traffic from and to this host server?
Any information that you can send ne are welcomed.
Best Regards
Davide
06-16-2006 08:14 AM
Hi Davide,
The IPv6 ACL looks very similar to normal (IPv4) ACL, except for the 'ipv6' keyword and addressing part. You have to enable IPv6 on the DMZ interface and on the interface where the incoming IPv6 is coming, e.g outside interface. But you can also use dual-stack (IPv4-to-IPv6) if required.
Example
hostname(config)# ipv6 access-list id [line num] {permit | deny} protocol source
[src_port] destination [dst_port]
ipv6 access-list outacl permit tcp 2001:400:2:1::/64 2001:400:1:1::/64 eq www
More details on IPv6 ACL is available at:
Rgds,
AK
06-17-2006 02:49 AM
Hi Amrih,
thank's very much for your answer and for the link that you suggested me, it's the first time to me to configure IPv6 on a appliance.
I think I'll be use dual stack (IPv4-to-IPv6) because all my network address plan is IPv4, an this is the first request of IPv6 support.
Thank's very much for your support.
Best Regards
Davide
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide