EasyManua.ls Logo

Cisco ASA 5585-X

Cisco ASA 5585-X
2164 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
1-28
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Inspection of Basic Internet Protocols
IPv6 Inspection
Detailed Steps
Examples
The following example creates an inspection policy map that will drop and log all IPv6 packets with the
hop-by-hop, destination-option, routing-address, and routing type 0 headers:
policy-map type inspect ipv6 ipv6-pm
parameters
match header hop-by-hop
Command Purpose
Step 1
policy-map type inspect ipv6 name
Example:
hostname(config)# policy-map type inspect
ipv6 ipv6-map
Creates an inspection policy map.
Step 2
match header header
[drop [log] | log]
Example:
hostname(config-pmap)# match header ah
hostname(config-pmap-c)# drop log
hostname(config-pmap-c)# match header esp
hostname(config-pmap-c)# drop log
Specifies the headers you want to match. By default, the packet is
logged (log); if you want to drop (and optionally also log) the
packet, enter the drop and optional log commands in match
configuration mode.
Re-enter the match command and optional drop action for each
extension you want to match:
ah—Matches the IPv6 Authentication extension header
count gt number—Specifies the maximum number of IPv6
extension headers, from 0 to 255
destination-option—Matches the IPv6 destination-option
extension header
esp—Matches the IPv6 Encapsulation Security Payload
(ESP) extension header
fragment—Matches the IPv6 fragment extension header
hop-by-hop—Matches the IPv6 hop-by-hop extension
header
routing-address count gt number—Sets the maximum
number of IPv6 routing header type 0 addresses, greater than
a number between 0 and 255
routing-type {eq | range} number—Matches the IPv6
routing header type, from 0 to 255. For a range, separate
values by a space, for example, 30 40.
Step 3
parameters
[no] verify-header {order | type}
Example:
hostname(config-pmap)# parameters
hostname(config-pmap-p)# no verify-header
order
hostname(config-pmap-p)# no verify-header
type
Specifies IPv6 parameters. These parameters are enabled by
default. To disable them, enter the no keyword.
[no] verify-header type—Allows only known IPv6
extension headers
[no] verify-header order—Enforces the order of IPv6
extension headers as defined in the RFC 2460 specification

Table of Contents

Other manuals for Cisco ASA 5585-X

Preview: Quick Start Guide
Quick Start Guide6 pages
Preview: Configuration Guide
Configuration Guide428 pages
Preview: Maintenance Manual
Maintenance Manual44 pages

Related product manuals