Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
367
Views
0
Helpful
1
Replies

Cisco asa 5505: No traffic lan to wan with IPv6

Jose Pena
Level 1
Level 1

‎05-21-2014 12:33 AM - edited ‎03-11-2019 09:13 PM

Hello everybody,

I have a Cisco ASA 5505, public ipv6 in outside interface, private ipv6 in LAN, from router I can ping any ipv6 in Internet and ping my LAN ipv6. Traffic doesn't go through router.

This is my configuration.

interface Vlan1
 nameif inside
 security-level 100
 ip address PRIV-Saturn1 255.255.255.0
 ipv6 address fc00::1/7
 ipv6 enable
!
interface Vlan2
 nameif outside
 security-level 0
 ip address PUBLIC26 255.255.255.248
 ipv6 address xxxx:yyyy:67:36::2/64
 ipv6 enable
 ipv6 nd suppress-ra

access-list Dynamic_Filter_ACL extended permit tcp any6 any6

ipv6 route outside ::/0 xxx:yyyy:67:36::1

 

Am I omitting anything?

Thanks in advance for the help.

 

Jos P

Labels:
0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-21-2014 10:32 AM

Since you're using IPv6 private addressing (fc00::) on the inside, you need a dynamic NAT entry to translate your private IPv6 addresses to a public one.

Alternatively, you could just use a subnet of your registered IPv6 block for the inside network and not worry about NAT.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card