ASA 5550 IPv6 Compatibility

Hi All,

I need to understand if ASA 5550 ver 8.2(1) is compatible with IPv6; if not, what is the upgrade path to make it IPv6 compatible? The requirement is that dual stack of IPv4 and IPv6 should run in the same HA cluster and later will shift to IPv6 completely.

The existing infrastructure is equipped with ASA in HA Active/Active mode. The command output for the required details is attached here in txt mode.

Thanks in Advance

Sujit

IPv6 support by Cisco has been evolving.  8.2 firmware can:

   * assign IPv6 addresses to interfaces

   * generate RA's (or not, if you do ipv6 nd suppress-ra)

   * filter IPv6 traffic analogously to IPv4

In the 8-series firmware IPv4 and IPv6 are filtered separately; you will have to make parallel access lists and use two access-group statements to apply both protocols to each dual-stack interface. In version 9 they unify the ACLs and the "any" keyword mutates to represent both kinds of addresses; there are new keywords "any4" and "any6" when you want to write a mono-stack ACE.

If I remember correctly, in 8.2 failover has to be configured on a v4-only subnet, but will clone the v6 state.  I don't remember which release introduced IPv6 IPsec tunneling; that might not be in 8.2.  Check the release notes.

Prior to about 8.4(4) a transparent mode bug  dropped upstream RA's, which prevents most IPv6 clients from working.  It was OK in routed mode.

-- Jim Leinweber, WI State Lab of Hygiene
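
An added example, not part of the post above or of any Cisco tooling: a Python check for the split-ACL point, flagging dual-stack interfaces in an 8.x-style config that have no inbound access-group for one address family. The config fragment, ACL names and addresses are constructed; the parser assumes `nameif` precedes the address lines and looks only at inbound bindings.

```python
import re

# Constructed ASA 8.x-style fragment (not the attachment from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 ip address 192.0.2.1 255.255.255.0
 ipv6 address 2001:db8:0:1::1/64
!
interface GigabitEthernet0/1
 nameif inside
 ip address 10.0.0.1 255.255.255.0
 ipv6 address 2001:db8:0:2::1/64
!
access-list OUT4 extended permit tcp any host 192.0.2.10 eq www
ipv6 access-list OUT6 permit tcp any host 2001:db8:0:2::10 eq www
access-list IN4 extended permit ip 10.0.0.0 255.255.255.0 any
access-group OUT4 in interface outside
access-group OUT6 in interface outside
access-group IN4 in interface inside
"""

def audit_dual_stack(config):
    """Map each dual-stack nameif to the address families with no inbound ACL bound."""
    acl_family, stacks, bound, nameif = {}, {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            nameif = None  # back at top level, outside interface sub-mode
        if m := re.match(r"nameif (\S+)", line):
            nameif = m.group(1)
            stacks[nameif] = set()
        elif nameif and line.startswith("ip address "):
            stacks[nameif].add("ipv4")
        elif nameif and line.startswith("ipv6 address "):
            stacks[nameif].add("ipv6")
        elif m := re.match(r"ipv6 access-list (\S+)", line):
            acl_family[m.group(1)] = "ipv6"  # 8.x declares IPv6 ACLs with the ipv6 prefix
        elif m := re.match(r"access-list (\S+)", line):
            acl_family.setdefault(m.group(1), "ipv4")
        elif m := re.match(r"access-group (\S+) in interface (\S+)", line):
            bound.setdefault(m.group(2), set()).add(m.group(1))
    findings = {}
    for name, families in stacks.items():
        if families == {"ipv4", "ipv6"}:
            have = {acl_family.get(acl) for acl in bound.get(name, ())}
            if missing := sorted(families - have):
                findings[name] = missing
    return findings
```

On the constructed sample this reports `inside` as missing an IPv6 binding. The check applies to 8-series configs only, since the post notes that version 9 unifies the ACLs.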


I need to understand if ASA 5550 ver 8.2(1) is compatible with IPv6; if not, what is the upgrade path to make it IPv6 compatible? The requirement is that dual stack of IPv4 and IPv6 should run in the same HA cluster and later will shift to IPv6 completely.

Here are some useful facts for you

IPv6 address command appeared on 7.0.1

IPv6 support on transparent mode appeared on 8.2.1

IPv6 address support for a standby interface (failover) appeared on 8.2.2

In the latest 8.3 code support for L2L VPN for IPv6 scenarios has been added.

9.0(1) Features

OSPFv3 support.

DNS inspection.

NAT supported on IPv6 traffic and also from IPv4 to IPv6 (from IPv4 to IPv6 NAT is not supported on Transparent Mode).

DHCP for IPv6 (DHCPv6) relay.

IPv6 VPN connections to its outside interface using SSL and IKEv2/IPsec protocols.

Remember to rate all of the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC