Pix 515 and IPV6 - Cisco Community

997

Views

0

Helpful

1

Replies

I have a pix 515 with 3 interfaces running pix software 7.1(1)

e0 outside 3ffe:xxxx::101/64

e1 frontporch 3ffe:xxxx:1:101/64

e2 inside 3ffe:xxxx:2:101/64

All interfaces have ipv6 enabled and neighbor discovery disabled and router advertisment is suppressed.

I would like to host a web server on the frontporch zone of the firewall.

I need the webserver to be accessable via ::/0 (the internet) as well as the inside 3ffe:xxxx:2::/64

I added the following access list

ipv6 access-list incoming permit tcp any eq www host 3ffe:xxxx:1::a6a6

access-group incoming in interface outside

What else am I missing?

for debugging, I added another access list with icmp enabled

ipv6 access-list incoming permit icmp6 any any

from the inside address I can communicate with the outside ::/0 (sprintv6.net) but am unable to communicate with hosts on the frontporch. from the outside or inside.

Firefox can't establish a connection to the server at [3ffe:xxxx:1::a6a6]

the security levels are 0 for ouside

10 for frontporch and 100 for inside.

Any advice you could offer would be benificial.

1 Reply 1

ipv6 access-list incoming permit tcp any eq www host 3ffe:xxxx:1::a6a6

looks like you can't get to the server since the source is "any eq www" ....which isn't the case. the source would be some dynamically generated tcp port....it's the destination that is eq www.... so probably should be....

ipv6 access-list incoming permit tcp any host 3ffe:xxxx:1::a6a6 eq www

Learn, share, save

Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.

New here? Get started with these tips. How to use Community New member guide

Log in to Community

Review Cisco Networking for a $25 gift card