
Cisco ASA 5505 IPv6 Configuration

ahmed-ejaz
Level 1

Hi,

 

I have the following interfaces on the firewall:

 

!
interface Vlan2
nameif outside
security-level 0
ip address PublicIPaddress 255.255.255.248
!
interface Vlan717
nameif inside
security-level 100
ip address 192.168.X.1 255.255.255.0
!

object network RDPtoPTSRV00
nat (inside,outside) static interface service tcp 3389 50010
object network RDPtoPTSRV01
nat (inside,outside) static interface service tcp 3389 50020
object network SSHtoPTSRV02
nat (inside,outside) static interface service tcp ssh 50021
object network SSHtoINSRV01
nat (inside,outside) static interface service tcp ssh 50030
object network tmp_50044toPTSRV01
nat (inside,outside) static interface service tcp 4444 50044
!
nat (inside,outside) after-auto source dynamic any interface

 

There are some internal web servers which are NATed to the Public IPv4 of the firewall as above.

 

The requirement now is to enable IPv6 on the ASA so that these internal servers can be accessed using the ports as mentioned above externally using their IPv6 address.

 

I have received an IPv6 block from the ISP as below:

 

IPV6 Network Address : XXXX:XXXX:XXXX:D00::
IPV6 Network Mask : /64
IPV6 NTE Router LAN Address : XXXX:XXXX:XXXX:D00::1

 

I want the internal servers to have public IPv6 routable addresses from the above range. Now as I understand, I can assign an IPv6 IP address on the Outside interface of the firewall as below:

 

!
interface Vlan2
nameif outside
security-level 0
ip address PublicIPAddress 255.255.255.248
ipv6 enable
ipv6 address XXXX:XXXX:XXXX:D00::2
!

add an IPv6 route on the firewall to point to the ISP gateway XXXX:XXXX:XXXX:D00::1

 

and then give an individual IPv6 address to each internal server from the above range, i.e. XXXX:XXXX:XXXX:D00::10 - 20 - 30 etc.

 

My question is, do I have to give an IPv6 on the inside interface of the firewall, i.e. VLAN 717?

What will be the IPv6 default gateway on the internal servers? XXXX:XXXX:XXXX:D00::1?

 

I tried the above by emulating through GNS3 but it does not work.

 

I am a bit lost or possibly missing something; any advice/guidance will be much appreciated.

 

Thank you,

 

Kind regards,

Ahmed
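
Added example, not part of the original post: a Python check of the addressing plan described above, assuming the ASA runs in routed mode. It flags hosts whose address or gateway is not on-link for the interface they sit behind. The name `check_plan`, the 2001:db8 documentation prefix standing in for the masked XXXX:XXXX:XXXX:D00::/64, and the second /64 in the contrast case are all assumptions.

```python
import ipaddress

def check_plan(interfaces, hosts):
    """interfaces: {nameif: 'addr/len' or None if no IPv6 address is configured}
    hosts: {name: (nameif it is attached to, host address, default gateway)}
    Returns a list of findings; an empty list means the plan is consistent."""
    nets = {n: ipaddress.ip_interface(a).network for n, a in interfaces.items() if a}
    findings = []
    names = sorted(nets)
    # Assumption: routed mode, where two interfaces cannot share or overlap a prefix.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a} and {b} overlap ({nets[a]}, {nets[b]})")
    for host, (nameif, addr, gw) in sorted(hosts.items()):
        addr, gw = ipaddress.ip_address(addr), ipaddress.ip_address(gw)
        local = nets.get(nameif)
        if local is None:
            findings.append(f"{host}: {nameif} has no IPv6 prefix")
        else:
            if addr not in local:
                findings.append(f"{host}: {addr} is outside {nameif} prefix {local}")
            if gw not in local:
                findings.append(f"{host}: gateway {gw} is not on {nameif}")
        # An address inside another interface's prefix is on-link for that
        # segment: routers there use neighbor discovery for it instead of
        # forwarding the traffic to the firewall.
        for other in names:
            if other != nameif and addr in nets[other]:
                findings.append(f"{host}: {addr} is on-link for {other}, not {nameif}")
    return findings

# Constructed sample data. 2001:db8::/32 is the documentation range, standing in
# for the masked XXXX:XXXX:XXXX:D00::/64; the /64 length comes from the ISP mask.
POSTED = ({"outside": "2001:db8:0:d00::2/64", "inside": None},
          {"PTSRV00": ("inside", "2001:db8:0:d00::10", "2001:db8:0:d00::1")})
# Hypothetical contrast: a second /64 (d01, not in the post) on the inside.
ROUTED = ({"outside": "2001:db8:0:d00::2/64", "inside": "2001:db8:0:d01::1/64"},
          {"PTSRV00": ("inside", "2001:db8:0:d01::10", "2001:db8:0:d01::1")})

if __name__ == "__main__":
    for label, plan in (("posted", POSTED), ("routed", ROUTED)):
        print(label, check_plan(*plan) or "consistent")
```
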
