[c-nsp] icmpv6 through ASA
Justin M. Streiner
streiner at cluebyfour.org
Fri Jul 25 17:24:14 EDT 2014
On Fri, 25 Jul 2014, Scott Voll wrote:
> How do you allow ICMPv6 into your network with a cisco ASA?
Mane sure running a fairly recent version of ASA code / ASDM.
There is be a protocol type for icmp6. Also, keep in mind that some
ICMPv6 needs to be able to get in from anywhere (for path MTU discovery,
etc), some only needs to be allowed in from the link-local range, and some
can (and should) be denied.
ICMPv6 is a very different animal from ICMP in the IPv4 world. I'd
definitely recommend reading up on it before deploying a security policy.
While many sites treat IPv4 ICMP as an afterthought or something evil that
should be blocked at all costs, ICMPv6 is much more central to the proper
operation of an IPv6 network.
jms
More information about the cisco-nsp
mailing list