IPv6 filtering

• Previous message (by thread): IPv6 filtering
• Next message (by thread): IPv6 filtering
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jan 25, 2011 at 10:49 PM, Mark D. Nagel <mnagel at willingminds.com> wrote:

> This can bite you in unexpected ways, too.  For example, on a Cisco ASA,
> if you add a system-level 'icmpv6 permit' line and if this does not
> include ND, then you break ND responses to the ASA.  This is much unlike
> ARP, which is unaffected by 'icmp permit' statements for IPv4.  And, the
> default with no such lines is to permit all ICMP/ICMPv6 to the ASA. This
> seems so obvious in retrospect, but at the time was a bit of a
> head-scratcher.
>

ARP is a seperate protocol supporting IPv4 ... For IPv6 ND is done
using ICMPv6 messages.  A bit confusing transitioning from IPv4/ARP
for sure.

> Mark

• Previous message (by thread): IPv6 filtering
• Next message (by thread): IPv6 filtering
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]