Configuring Ipv6 Access Lists - Cisco PIX 500 Series Configuration Manual

Security appliance command line

Configuring IPv6
Step 1
To add the default route, use the following command:
hostname(config)# ipv6 route if_name ::/0 next_hop_ipv6_addr
The address ::/0 is the IPv6 equivalent of "any."
Step 2
(Optional) Define IPv6 static routes. Use the following command to add an IPv6 static route to the IPv6 routing table:
hostname(config)# ipv6 route if_name destination next_hop_ipv6_addr [admin_distance]
Note
The ipv6 route command works like the route command used to define IPv4 static routes.

Configuring IPv6 Access Lists

Configuring an IPv6 access list is similar to configuring an IPv4 access list, but with IPv6 addresses.
To configure an IPv6 access list, perform the following steps:
Step 1
Create an access entry. To create an access list, use the ipv6 access-list command to create entries for the access list. There are two main forms of this command to choose from, one for creating access list entries specifically for ICMP traffic, and one to create access list entries for all other types of IP traffic.
To create an IPv6 access list entry specifically for ICMP traffic, enter the following command:
hostname(config)# ipv6 access-list id [line num] {permit | deny} icmp source destination [icmp_type]
To create an IPv6 access list entry, enter the following command:
hostname(config)# ipv6 access-list id [line num] {permit | deny} protocol source [src_port] destination [dst_port]
The following describes the arguments for the ipv6 access-list command:
id—The name of the access list. Use the same id in each command when you are entering multiple entries for an access list.
line num—When adding an entry to an access list, you can specify the line number in the list where the entry should appear.
permit | deny—Determines whether the specified traffic is blocked or allowed to pass.
icmp—Indicates that the access list entry applies to ICMP traffic.
protocol—Specifies the traffic being controlled by the access list entry. This can be the name (ip, tcp, or udp) or number (1-254) of an IP protocol. Alternatively, you can specify a protocol object group using object-group grp_id.
source and destination—Specifies the source or destination of the traffic. The source or destination can be an IPv6 prefix, in the format prefix/length, to indicate a range of addresses, the keyword any, to specify any address, or a specific host designated by host host_ipv6_addr.

Cisco Security Appliance Command Line Configuration Guide, Chapter 12, Configuring IPv6, page 12-6, OL-12172-03
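
Added example (not from the Cisco guide): a short Python check that parses entries written in the two ipv6 access-list forms described above, validates each source and destination, and flags permit entries that match any source to any destination, including ones written as ::/0. The port operators (eq, lt, gt, neq, range), the list name outside_in and the sample entries are assumptions constructed for illustration.

```python
import ipaddress

PORT_OPS = {"eq": 2, "lt": 2, "gt": 2, "neq": 2, "range": 3}  # assumed port clauses -> token count

def take_addr(tok):  # consumes one source/destination: any | host ADDR | PREFIX/LENGTH
    word = tok.pop(0)
    if word == "any":
        return ipaddress.IPv6Network("::/0")
    if word == "host":
        return ipaddress.IPv6Network(tok.pop(0) + "/128")
    if "/" not in word:
        raise ValueError("bare address needs the host keyword: " + word)
    return ipaddress.IPv6Network(word, strict=False)

def parse_entry(line):  # one "ipv6 access-list ..." entry -> dict
    tok = line.split()
    if tok[:2] != ["ipv6", "access-list"]:
        raise ValueError("not an ipv6 access-list entry")
    entry, tok = {"id": tok[2], "line": None}, tok[3:]
    if tok[0] == "line":
        entry["line"], tok = int(tok[1]), tok[2:]
    entry["action"], entry["protocol"] = tok.pop(0), tok.pop(0)
    if entry["action"] not in ("permit", "deny"):
        raise ValueError("expected permit or deny")
    if entry["protocol"] == "object-group":
        entry["protocol"] += " " + tok.pop(0)
    entry["source"] = take_addr(tok)
    del tok[:PORT_OPS.get(tok[0], 0)]  # skip an optional src_port clause
    entry["destination"] = take_addr(tok)
    return entry

def audit(lines):  # -> [(line, reason)] for malformed entries and any-to-any permits
    findings = []
    for line in lines:
        try:
            e = parse_entry(line)
            if e["action"] == "permit" and e["source"].prefixlen == e["destination"].prefixlen == 0:
                findings.append((line, "permits any source to any destination"))
        except (ValueError, IndexError) as err:
            findings.append((line, "malformed: %s" % err))
    return findings

SAMPLE = [  # constructed entries; 2001:db8::/32 is the IPv6 documentation prefix
    "ipv6 access-list outside_in permit tcp any host 2001:db8::10 eq 443",
    "ipv6 access-list outside_in line 2 permit icmp any 2001:db8:1::/48 128",
    "ipv6 access-list outside_in permit ip ::/0 any",
    "ipv6 access-list outside_in deny udp 2001:db8:zz::/48 any",
]
print(*audit(SAMPLE), sep="\n")
```

Of the four sample entries, the third is reported as an any-to-any permit and the fourth as malformed; an optional trailing dst_port or icmp_type is accepted and not checked.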


This manual is also suitable for:

ASA 5500 series
