Name: Cisco ASA 5506-X
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

13-34

Cisco ASA Series Firewall CLI Configuration Guide

Chapter 13 Inspection of Basic Internet Protocols

IPv6 Inspection

Configure IPv6 Inspection

IPv6 inspection is not enabled by default. You must configure it if you want IPv6 inspection.

Procedure

Step 1 Configure an IPv6 Inspection Policy Map, page 13-34.

Step 2 Configure the IPv6 Inspection Service Policy, page 13-35.

Configure an IPv6 Inspection Policy Map

To identify extension headers to drop or log, or to disable packet verification, create an IPv6 inspection

policy map to be used by the service policy.

Procedure

Step 1 Create an IPv6 inspection policy map.

hostname(config)# policy-map type inspect ipv6 policy_map_name

hostname(config-pmap)#

Where the policy_map_name is the name of the policy map. The CLI enters policy-map configuration

mode.

Step 2 (Optional) Add a description to the policy map.

hostname(config-pmap)# description string

Step 3 (Optional) Drop or log traffic based on the headers in IPv6 messages.

a. Identify the traffic based on the IPv6 header.

hostname(config-pmap)# match header type

Where type is one of the following:

• ah—Matches the IPv6 Authentication extension header.

• count gt number—Specifies the maximum number of IPv6 extension headers, from 0 to 255.

• destination-option—Matches the IPv6 destination-option extension header.

• esp—Matches the IPv6 Encapsulation Security Payload (ESP) extension header.

• fragment—Matches the IPv6 fragment extension header.

• hop-by-hop—Matches the IPv6 hop-by-hop extension header.

• routing-address count gt number—Sets the maximum number of IPv6 routing header type 0

addresses, greater than a number between 0 and 255.

• routing-type {eq | range} number—Matches the IPv6 routing header type, from 0 to 255. For

a range, separate values by a space, for example, 30 40.

b. Specify the action to perform on matching packets. You can drop the packet and optionally log it,

or just log it. If you do not enter an action, the packet is logged.

hostname(config-pmap)# {drop [log] | log}

Other manuals for Cisco ASA 5506-X

Quick Start Guide14 pages

Easy Setup Guide11 pages

Installation Guide46 pages

Software Guide37 pages

Hardware Installation Guide52 pages

Mount And Connect12 pages

Mount The Chassis10 pages

Questions and Answers:

Need help?

Do you have a question about the Cisco ASA 5506-X and is the answer not in the manual?

Cisco ASA 5506-X Specifications

General

Model	ASA 5506-X
Firewall Throughput	750 Mbps
Maximum Firewall Connections	50, 000
Maximum VPN Peers	50
Integrated Ports	8 x 1 GE
Stateful Inspection Throughput	750 Mbps
Weight	4.4 lb (2 kg)
Firewall Throughput (Multiprotocol)	750 Mbps
Firewall Throughput (Application Visibility and Control AVC)	250 Mbps
Concurrent Sessions	50, 000
New Connections per Second	10, 000
IPsec VPN Throughput	100 Mbps
Interfaces	8 x 1 GE
Memory	4 GB
Flash Memory	8 GB
Form Factor	Desktop
VPN Throughput	100 Mbps
Maximum Concurrent Sessions	50, 000
New Sessions per Second	10, 000
Operating Temperature	32 to 104°F (0 to 40°C)
Storage Temperature	-13 to 158°F (-25 to 70°C)
Power Supply	External
Humidity	10% to 90% non-condensing