[c-nsp] FWSM and mixed IPv4/IPv6 access-list
Petreski, Samuel
samuel-petreski at uiowa.edu
Wed Mar 4 17:35:14 EST 2009
One thing that I have had problems with is sourcing a high number of IPv6
pings (~10K) from the FWSM in routed mode; it makes the FWSM freeze. Don't
do this if you don't have console access. I was running FWSM 4.0.3.
Good luck IPv6ing!
--Samuel
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Leif Sawyer
Sent: Tuesday, March 03, 2009 7:56 PM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] FWSM and mixed IPv4/IPv6 access-list
Justin M. Streiner writes in reply to:
> On Tue, 3 Mar 2009, Leif Sawyer wrote:
>
>> Is anybody working with FWSMs and mixed-mode IPv4+IPv6 ACLs?
>>
>> I'm having trouble with traceroute6 not succeeding, but
>> ping6 working fine:
>
> You might be getting caught by flawed behavior of the FWSM.
> I've run into something similar with straight v4 firewall
> zones where certain flavors of traceroute will be dropped by
> the blade. When it was first reported to us, we thought it
> was a broken fixup, but the behavior persisted after the
> fixup was disabled. No word on a fix from Cisco.
Hrm. I guess it's time to open a ticket, then.
Damn. I hate dealing with TAC on complex issues.
And it's not like CiscoPress is up-to-date. What, 6 pages on IPv6
in the FWSM manual? Friggin joke.
> On a somewhat unrelated note, how has the v6 performance been
> on the FWSMs for you? Everything I've heard from Cisco and
> other sources suggests that the v6 packets are much more
> expensive for the FWSM to forward, so performance would
> suffer greatly.
Just starting to roll this out, so no load to speak of.
Can't wait to see what next issue creeps up!
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/