Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
261
Views
0
Helpful
3
Replies

IPv6 policy-map PIX 515e

Federico Olivieri
Level 1
Level 1

‎07-13-2015 03:21 PM - edited ‎03-11-2019 11:15 PM

Hi all,

 

I'm trying to configure  IPv6 policy map in my Cisco PIX 515e 8.0(4).

 

The guide says:

policy-map type inspect ipv6 name

ciscoasa(config)# policy-map type inspect ipv6 ipv6-map

 

But I don't have that option in my CLI

 

PIX5151e(config)# policy-map ?

configure mode commands/options:
  WORD < 41 char  policy-map name
  type            Specifies the type of policy-map
PIX5151e(config)# policy-map ty
PIX5151e(config)# policy-map type ?

configure mode commands/options:
  inspect  Configure a policy-map of type inspect
PIX5151e(config)# policy-map type ins
PIX5151e(config)# policy-map type inspect ?

configure mode commands/options:
  dcerpc             Configure a policy-map of type DCERPC
  dns                Configure a policy-map of type DNS
  esmtp              Configure a policy-map of type ESMTP
  ftp                Configure a policy-map of type FTP
  gtp                Configure a policy-map of type GTP
  h323               Configure a policy-map of type H.323
  http               Configure a policy-map of type HTTP
  im                 Configure a policy-map of type IM
  ipsec-pass-thru    Configure a policy-map of type IPSEC-PASS-THRU
  mgcp               Configure a policy-map of type MGCP
  netbios            Configure a policy-map of type NETBIOS
  radius-accounting  Configure a policy-map of type Radius Accounting
  rtsp               Configure a policy-map of type RTSP
  sip                Configure a policy-map of type SIP
  skinny             Configure a policy-map of type Skinny
PIX5151e(config)# policy-map type inspect?

 

Any suggestion?

Thank You

Labels:
0 Helpful
3 Replies 3

rvarelac
Level 7
Level 7

‎07-14-2015 08:05 PM

Hi Federico , 

 

I don't see the IPv6 option  under the command reference for that release . 

http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/command/reference/cmd_ref/p.html#wp1883549

The PIX was out of support a couple of years ago , I think that unfortunately If you want to use an IPv6 policy-map you need to migrate to an ASA to support higher codes. 

 

Hope it helps

-Randy-

 

0 Helpful

Federico Olivieri
Level 1
Level 1
In response to rvarelac

‎07-14-2015 11:31 PM

Hi Randy,

 

Thank you for your reply.

 

I bought an (used) PIX 515e just because on the following link is described that from 7.0 version PIX support IPv6 packet inspection

 

http://www.cisco.com/c/en/us/products/collateral/security/pix-515e-security-appliance/product_data_sheet09186a0080091b15.html

 

• Provides access control and deep inspection firewall services for native IPv6 network environments and mixed IPv4/IPv6 network environments through dual-stack support

• Delivers IPv6-enabled inspection services for HTTP, FTP, SMTP, ICMP, TCP, and UDP-based applications

• Supports SSHv2, telnet, HTTP/HTTPS, and ICMP-based management over IPv6

 

I have no experience in security word, maybe the polycy map it is not the correct way to configure the packet inspection.

Thank you

0 Helpful

Federico Olivieri
Level 1
Level 1
In response to Federico Olivieri

‎07-18-2015 08:01 AM

Hi Randy,

 

Any feedback for that?

Thank You

Federico

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card