[c-nsp] So when is IPv6 failover coming to the ASA?

[Andrew Yourtchenko]

On Thu, 8 Oct 2009, Leif Sawyer wrote:

> Andrew Yourtchenko writes, in response to
>> Nick Hilliard whom wrote:
>>
>>> Unfortunately, ASA boxes are beloved of enterprises, and
>>> ipv6 is very much down the list as far as the enterprise
>>> market segment is concerned.  The service provider market
>>> has significantly different needs, but Cisco's ASA product
>>> managers are not especially focussed on this segment.
>>
>> 8.2.2 should make the ipv6 and failover better friends than
>> they are now.
>
> How about some love for the FWSM's as well?
>
> I'm part of a service provider operation.  We don't get any love
> for IPv6 support here.  Driving me crazy.
>
> I mean, seriously, do I have to rip out the FWSM's and put in
> 10GE trunks to a pair of Linux boxes just to get IPv4+IPv6 to work
> correctly at the same time?
>
> It'd probably save me time and effort in the long run. Sigh.

My mail was about ASA. What was applicable to FWSM, I wrote in a thread 
half a year ago - my apologies for not being able to add anything to that.

< and if I were to write anything about messengers, it'd go here :-) >

>
> And while you're at it, Cisco,  *PLEASE*  fix the ASDM IPv6 support
> such that I can just drop in the IPv6 object into an existing
> rule, and the back end figures out the magic?  I shouldn't have to
> duplicate all my rules for both IPv4 and IPv6.

ASDM rules<->config is bidirectional, so the magic would need to be 
an invertible function - hence it is more difficult than it seems.
Nonetheless, I'll mention this to ASDM folks when I have a chance.

Mind unicasting me your config so I could take a look at it ?

@all: does everyone (who does deal with firewalls+IPv6) have also the 
almost identical IPv4 and IPv6 policies ?

kind regards,
andrew