[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

IPv6 filtering

Subject: IPv6 filtering
From: mloftis at wgops.com (Michael Loftis)
Date: Wed, 26 Jan 2011 13:24:27 -0700
In-reply-to: <[email protected]>
References: <32507261.286.1296018229100.JavaMail.franck@franck-martins-macbook-pro.local> <[email protected]> <[email protected]>

On Tue, Jan 25, 2011 at 10:49 PM, Mark D. Nagel <mnagel at willingminds.com> wrote:

> This can bite you in unexpected ways, too. ?For example, on a Cisco ASA,
> if you add a system-level 'icmpv6 permit' line and if this does not
> include ND, then you break ND responses to the ASA. ?This is much unlike
> ARP, which is unaffected by 'icmp permit' statements for IPv4. ?And, the
> default with no such lines is to permit all ICMP/ICMPv6 to the ASA. This
> seems so obvious in retrospect, but at the time was a bit of a
> head-scratcher.
>

ARP is a seperate protocol supporting IPv4 ... For IPv6 ND is done
using ICMPv6 messages.  A bit confusing transitioning from IPv4/ARP
for sure.

> Mark

References:
- IPv6 filtering
  - From: franck at genius.com (Franck Martin)
- IPv6 filtering
  - From: owen at delong.com (Owen DeLong)
- IPv6 filtering
  - From: mnagel at willingminds.com (Mark D. Nagel)

Prev by Date: Ipv6 for the content provider
Next by Date: Ipv6 for the content provider
Previous by thread: IPv6 filtering
Next by thread: IPv6 filtering
Index(es):
- Date
- Thread