I have a Cisco ASA 5505, public ipv6 in outside interface, private ipv6 in LAN, from router I can ping any ipv6 in Internet and ping my LAN ipv6. Traffic doesn't go through router.
This is my configuration.
interface Vlan1 nameif inside security-level 100 ip address PRIV-Saturn1 255.255.255.0 ipv6 address fc00::1/7 ipv6 enable!interface Vlan2 nameif outside security-level 0 ip address PUBLIC26 255.255.255.248 ipv6 address xxxx:yyyy:67:36::2/64 ipv6 enable ipv6 nd suppress-ra
access-list Dynamic_Filter_ACL extended permit tcp any6 any6
ipv6 route outside ::/0 xxx:yyyy:67:36::1
Am I omitting anything?
Thanks in advance for the help.
Since you're using IPv6 private addressing (fc00::) on the inside, you need a dynamic NAT entry to translate your private IPv6 addresses to a public one.
Alternatively, you could just use a subnet of your registered IPv6 block for the inside network and not worry about NAT.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: