Cisco ASA Series Cli Configuration Manual page 1135

Chapter 1 Configuring Inspection of Basic Internet Protocols
drop log
match header destination-option
drop log
match header routing-address count gt 0
drop log
match header routing-type eq 0
drop log
Configuring IPv6 Inspection
To enable IPv6 inspection, perform the following steps.
Detailed Steps
Command
Step 1
class-map name
Example:
hostname(config)# class-map ipv6_traffic
Step 2
match parameter
Example:
hostname(config-cmap)# match access-list
ipv6
Step 3
policy-map name
Example:
hostname(config)# policy-map ipv6_policy
Step 4
class name
Example:
hostname(config-pmap)# class ipv6_traffic
Step 5
inspect ipv6 [ipv6_policy_map]
Example:
hostname(config-class)# inspect ipv6
ipv6-map
Step 6
service-policy policymap_name {global |
interface interface_name}
Example:
hostname(config)# service-policy
ipv6_policy outside
Purpose
Creates a class map to identify the traffic for which you want to
apply the inspection.
Specifies the traffic in the class map. See the
(Layer 3/4 Class Maps)" section on page 1-12
information.
Adds or edits a policy map that sets the actions to take with the
class map traffic.
Identifies the class map created in
Configures IPv6 inspection. Specify the inspection policy map
you created in the "(Optional) Configuring an IPv6 Inspection
Policy Map" section on page
Activates the policy map on one or more interfaces. global applies
the policy map to all interfaces, and interface applies the policy
to one interface. Only one global policy is allowed. You can
override the global policy on an interface by applying a service
policy to that interface. You can only apply one policy map to
each interface.
Cisco ASA Series CLI Configuration Guide
IPv6 Inspection
"Identifying Traffic
for more
Step 1
1-27.
1-29