[c-nsp] So when is IPv6 failover coming to the ASA?
Andrew Yourtchenko
ayourtch at cisco.com
Fri Oct 9 07:30:56 EDT 2009
Hi Alan, Gert,
first of all - thanks for sharing!
On Fri, 9 Oct 2009, Alan Buxey wrote:
>>> @all: does everyone (who does deal with firewalls+IPv6) have also the
>>> almost identical IPv4 and IPv6 policies ?
>
> pretty much so - why would the policy be any different? incoming port 80
E.g. if someone has the applications that they know are IPv4-only,
depending on the security policy one might either keep both v6 and v4
ports open, or only v4. I've seen much more v4-only policies than v4+v6,
so wanted to get a better picture.
> traffic to a web server is same whether its v4 or v6 - the target must
> be known and checked. likewise outgoing customer traffic etc. its just
> a new way of delivering the same TCP/UDP data after all.
>
> the only different we have is with respect to allowed multicast and ICMP
> as IPv6 uses a lot of that to function properly :-)
>
Indeed. :-)
kind regards,
andrew
More information about the cisco-nsp
mailing list