I'm trying to test ipv6 on an ASA. I want to pass all ipv6 traffic from the inside to the outside using the simplest possible routed configuration. I think I must be missing something, because the config I think should work doesn't seem to pass traffic. This configuration passes my ipv4 traffic from inside to outside successfully but not ipv6.
I think I must've missed something really obvious that I need to do on the ipv6 side, maybe someone can help me out? Do I have the ipv6 static route configured incorrectly?
I have replaced all global / public addresses with documentation / private addresses in my config. The ASA in question really has public ip addresses and unique global addresses.
ASA Version 8.2(1) ! hostname asa-ipv6-at-120wjefferson domain-name redacted enable password redacted passwd redacted names ! interface Ethernet0/0 nameif outside security-level 0 ip address 192.168.33.2 255.255.255.252 ipv6 address 2001:DB8::7:3012/124 ipv6 enable ! interface Ethernet0/1 nameif inside security-level 100 ip address 192.168.33.17 255.255.255.240 ipv6 address 2001:DB8:7300::/64 eui-64 ipv6 enable ! interface Ethernet0/2 shutdown no nameif no security-level no ip address ! interface Ethernet0/3 shutdown no nameif no security-level no ip address ! interface Management0/0 shutdown no nameif no security-level no ip address ! ftp mode passive dns server-group DefaultDNS domain-name illinois.gov pager lines 24 mtu inside 1500 mtu outside 1500 ipv6 route outside ::/0 2001:DB8::7:3011 no failover icmp unreachable rate-limit 1 burst-size 1 no asdm history enable arp timeout 14400 route outside 0.0.0.0 0.0.0.0 192.168.33.1 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 dynamic-access-policy-record DfltAccessPolicy no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 telnet 192.168.33.16 255.255.255.240 inside telnet timeout 5 ssh timeout 5 console timeout 0 dhcpd address 192.168.33.19-192.168.33.30 inside dhcpd dns 220.127.116.11 18.104.22.168 interface inside dhcpd enable inside ! threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect netbios inspect rsh inspect rtsp inspect skinny inspect esmtp inspect sqlnet inspect sunrpc inspect tftp inspect sip inspect xdmcp ! service-policy global_policy global prompt hostname context Cryptochecksum:cfd3b922f0a88745bbf8d56520e437a6 : end
Learn about the rapidly evolving cyberthreat landscape and how both organizations and users can protect themselves as we transition to a forever hybrid world through a conversation with Cisco Talos Security Research Leader for Europe, Middle East, Africa,...
When we said the word “hybrid” in the past, it usually recalled the image of a new variety of plant or maybe an electric car. These days, it applies to the workplace too.
The future of work isn’t “changing” to a h...
Thanks for attending our Ask the Experts (ATXs) session! Here’s the post-session resources for easy reference.
New to ATXs? An ATXs session, offered at no cost, is an hour of real-time learning led by Cisco experts, who will answer your technology q...
Cisco Secure Endpoint
New packages fit for every organization
Every Cisco Secure Endpoint (formerly AMP for Endpoints) package comes with Cisco SecureX built-in. It’s our cloud-native platform that integrates all your security solutions into one view wit...