Hello all,
I am trying to configure Zone Based Firewall (IOS 15.2T) on a Cisco 881 router for IPv6. The current setup is simple:
Zone: LAN --> WAN

zone security LAN
zone security WAN
!
class-map type inspect match-any Internet-cmap
 match protocol dns
 match protocol http
 match protocol https
 match protocol icmp
 match protocol ftp
 match protocol pop3
 match protocol pop3s
 match protocol smtp
!
policy-map type inspect Internet-pmap
 class type inspect Internet-cmap
  inspect
!
zone-pair security LAN-WAN source LAN destination WAN
 service-policy type inspect Internet-pmap

Zone: WAN --> self: deny everything.

The current configuration behaves as expected for IPv4, but blocks all IPv6 traffic. If zone-security is removed from the WAN interface, IPv6 works normally (connected to the Internet). As soon as zone-security is enabled on the WAN interface, all IPv6 traffic is discarded when connecting to the Internet from the local LAN.
Error messages on console:
Half-open Sessions source destination tcp SIS_OPENING/TCP_SYNSENT
Are there any special settings for ZBF which should be turned on for the IPv6 protocol?
Thank you and kind regards,
Marko