Cisco ASA Series User Manual

Cisco ASA Series
2164 pages
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Inspection of Basic Internet Protocols
IPv6 Inspection
Detailed Steps

Step 1
Command:
    policy-map type inspect ipv6 name
Example:
    hostname(config)# policy-map type inspect ipv6 ipv6-map
Purpose:
Creates an inspection policy map.

Step 2
Command:
    match header header
    [drop [log] | log]
Example:
    hostname(config-pmap)# match header ah
    hostname(config-pmap-c)# drop log
    hostname(config-pmap-c)# match header esp
    hostname(config-pmap-c)# drop log
Purpose:
Specifies the headers you want to match. By default, the packet is logged (log); if you want to drop (and optionally also log) the packet, enter the drop and optional log commands in match configuration mode.
Re-enter the match command and optional drop action for each extension you want to match:
• ah—Matches the IPv6 Authentication extension header
• count gt number—Specifies the maximum number of IPv6 extension headers, from 0 to 255
• destination-option—Matches the IPv6 destination-option extension header
• esp—Matches the IPv6 Encapsulating Security Payload (ESP) extension header
• fragment—Matches the IPv6 fragment extension header
• hop-by-hop—Matches the IPv6 hop-by-hop extension header
• routing-address count gt number—Sets the maximum number of IPv6 routing header type 0 addresses, greater than a number between 0 and 255
• routing-type {eq | range} number—Matches the IPv6 routing header type, from 0 to 255. For a range, separate values by a space, for example, 30 40.

Step 3
Command:
    parameters
    [no] verify-header {order | type}
Example:
    hostname(config-pmap)# parameters
    hostname(config-pmap-p)# no verify-header order
    hostname(config-pmap-p)# no verify-header type
Purpose:
Specifies IPv6 parameters. These parameters are enabled by default. To disable them, enter the no keyword.
• [no] verify-header type—Allows only known IPv6 extension headers
• [no] verify-header order—Enforces the order of IPv6 extension headers as defined in the RFC 2460 specification

Examples

The following example creates an inspection policy map that will drop and log all IPv6 packets with the hop-by-hop, destination-option, routing-address, and routing type 0 headers:

    policy-map type inspect ipv6 ipv6-pm
    parameters
    match header hop-by-hop
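
To see what the match header and verify-header order commands described above look at, the following added example (not from the Cisco guide and not ASA code) walks the extension-header chain of a raw IPv6 packet and reports the header names, each routing header's type and type 0 address count, and whether the chain follows the RFC 2460 section 4.1 recommended order. The names walk_chain, in_rfc_order and SAMPLE are hypothetical, the sample packet is constructed, and treating the RFC's recommended order as the order check is an assumption about what the ASA enforces.

```python
HBH, ROUTING, FRAGMENT, ESP, AH, DSTOPT = 0, 43, 44, 50, 51, 60  # next-header values
NAMES = {HBH: "hop-by-hop", ROUTING: "routing", FRAGMENT: "fragment",
         ESP: "esp", AH: "ah", DSTOPT: "destination-option"}
# RFC 2460 section 4.1 recommended order; destination options may appear twice.
RFC2460_ORDER = [NAMES[h] for h in (HBH, DSTOPT, ROUTING, FRAGMENT, AH, ESP, DSTOPT)]

# Constructed sample: hop-by-hop, then a type 0 routing header with two addresses.
SAMPLE = (bytes([0x60, 0, 0, 0, 0, 48, HBH, 64]) + bytes(32)   # fixed header
          + bytes([ROUTING, 0, 1, 4, 0, 0, 0, 0])               # hop-by-hop + PadN
          + bytes([59, 4, 0, 2, 0, 0, 0, 0]) + bytes(32))       # routing type 0


def in_rfc_order(headers):
    """True if the header names follow the RFC 2460 recommended order."""
    pos = 0
    for name in headers:
        if name not in RFC2460_ORDER[pos:]:
            return False
        pos = RFC2460_ORDER.index(name, pos) + 1
    return True


def walk_chain(packet):
    """Parse a raw IPv6 packet; return its extension headers and routing details."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off = packet[6], 40
    headers, routing = [], []           # routing: (type, address count) tuples
    while nxt in NAMES:
        headers.append(NAMES[nxt])
        if nxt == ESP:                  # rest is encrypted; the chain ends here
            break
        if off + 8 > len(packet):
            raise ValueError("truncated extension header")
        hlen = packet[off + 1]
        size = 8 if nxt == FRAGMENT else (hlen + 2) * 4 if nxt == AH else (hlen + 1) * 8
        if off + size > len(packet):
            raise ValueError("extension header overruns packet")
        if nxt == ROUTING:              # type 0 carries Hdr Ext Len / 2 addresses
            rtype = packet[off + 2]
            routing.append((rtype, hlen // 2 if rtype == 0 else 0))
        nxt, off = packet[off], off + size
    return {"headers": headers, "routing": routing,
            "in_order": in_rfc_order(headers)}


if __name__ == "__main__":
    print(walk_chain(SAMPLE))
```

In the result, len(headers) is the value that count gt compares against, and each routing tuple carries the values that routing-type and routing-address count gt compare against.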
