[c-nsp] FWSM and mixed IPv4/IPv6 access-list

Justin M. Streiner streiner at cluebyfour.org
Tue Mar 3 20:30:06 EST 2009


On Tue, 3 Mar 2009, Leif Sawyer wrote:

> Is anybody working with FWSMs and mixed-mode IPv4+IPv6 ACLs?
> 
> I'm having trouble with traceroute6 not succeeding, but ping6 working
> fine:

You might be getting caught by flawed behavior of the FWSM.  I've run into 
something similar with straight v4 firewall zones where certain flavors of 
traceroute will be dropped by the blade.  When it was first reported to 
us, we thought it was a broken fixup, but the behavior persisted after 
the fixup was disabled.  No word on a fix from Cisco.

On a somewhat unrelated note, how has the v6 performance been on the FWSMs 
for you?  Everything I've heard from Cisco and other sources suggests that 
the v6 packets are much more expensive for the FWSM to forward, so 
performance would suffer greatly.

jms

