IPV6 in enterprise best practices/white papaers

Justin M. Streiner streiner at cluebyfour.org
Wed Jan 30 18:02:48 UTC 2013

On Mon, 28 Jan 2013, Doug Barton wrote:

> On 1/28/2013 7:27 AM, Eugeniu Patrascu wrote:
>>  - configure IPv6 firewall rules (mostly a mirror of the IPv4 rulesets)
> Hopefully that did not included filtering ICMPv6? :)

The level of IPv6 support in firewalls has been all over the place, even 
from vendors who have known IPv6 was coming for a long time ;)

I published a minimum IPv6 firewall ruleset for Cisco ASAs a while back on 
some other lists and got only a little feedback, so for the benefit of the 
NANOG community, I offer up:


I will be testing the transition from 8.x to 9.x code in my lab as soon as 
this week, so I should have some updated to publish very soon.

Likewise, I'm in the process of getting a DHCPv6 server spun up as well, 
so I'll have some updates to publish there as well.

As always, suggestions and constructive feedback are always welcome.


More information about the NANOG mailing list