05-04-2014 12:25 AM - edited 03-04-2019 10:54 PM
I have a dual-stacked router for both IPv4 and IPv6. IPv4 traffic should pass the ZBF untouched due to the fact that there is another rock-solid IPv4 firewall egress of the inside interface. Is there a way that a class map like this could function on IPv6 traffic only?
class-map type inspect match-any fullproto
 description Permitted Traffic to internet
 match protocol http
 match protocol https
 match protocol dns
 match protocol imaps
 match protocol icmp
 match protocol ftp
 match protocol ntp
 match protocol rtsp
 match protocol realmedia
 match protocol netshow
 match protocol appleqtc
 match protocol streamworks
 match protocol vdolive
 match protocol ssh
 match protocol user-rdp
So far there is only a CBAC solution in place for IPv6.
I'm showing my interfaces:
interface FastEthernet0/0
 description *** Inside IPV6 ***
 no ip address
 speed auto
 full-duplex
 ipv6 address FE80::1 link-local
 ipv6 address ????:????:????:10::1/64
 ipv6 nd other-config-flag
 ipv6 dhcp relay destination ?:?:?:10::12
 ipv6 traffic-filter inne6-inn in
 no cdp enable
 no mop enabled
interface FastEthernet0/0.4
 description *** Inside IPV4 ***
 encapsulation dot1Q 4
 ip address 82.?.?.129 255.255.255.248
 no cdp enable
interface FastEthernet0/1
 description *** Outside ***
 ip address 82.?.?.42 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 speed auto
 full-duplex
 ipv6 address FE80::2 link-local
 ipv6 address ?:599::2/126
 ipv6 enable
 ipv6 nd prefix default no-advertise
 ipv6 nd prefix ?:599::/126 no-advertise
 ipv6 nd managed-config-flag
 ipv6 nd other-config-flag
 ipv6 nd router-preference High
 ipv6 inspect ipv6-cbac out
 ipv6 traffic-filter ut-inn6 in
 no cdp enable
 no mop enabled
Please advise.
Regards,
Henning
05-04-2014 12:58 AM
I didn't test it, but what about the following:
05-05-2014 01:48 AM
Thanks for the tip!
Would it be possible to add FastEthernet 0/0.4 to the outside zone (while FastEthernet 0/0 is in the inside zone), hence both IPv4 segments in the same zone and no ZBF processing?
05-05-2014 09:15 AM