Cisco Systems and the ASA Services Module Manual De Usuario
10-29
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 10 Configuring Inspection of Basic Internet Protocols
IPv6 Inspection
drop log
match header destination-option
drop log
match header routing-address count gt 0
drop log
match header routing-type eq 0
drop log
Configuring IPv6 Inspection
To enable IPv6 inspection, perform the following steps.
Detailed Steps
Command
Purpose
Step 1
class-map
name
Example:
ciscoasa(config)# class-map ipv6_traffic
Creates a class map to identify the traffic for which you want to
apply the inspection.
apply the inspection.
Step 2
match
parameter
Example:
ciscoasa(config-cmap)# match access-list
ipv6
Specifies the traffic in the class map. See the
for more
information.
Step 3
policy-map
name
Example:
ciscoasa(config)# policy-map ipv6_policy
Adds or edits a policy map that sets the actions to take with the
class map traffic.
class map traffic.
Step 4
class
name
Example:
ciscoasa(config-pmap)# class ipv6_traffic
Identifies the class map created in
Step 5
inspect ipv6
[ipv6_policy_map]
Example:
ciscoasa(config-class)# inspect ipv6
ipv6-map
Configures IPv6 inspection. Specify the inspection policy map
you created in the
you created in the
Step 6
service-policy
policymap_name {global |
interface
interface_name}
Example:
ciscoasa(config)# service-policy
ipv6_policy outside
Activates the policy map on one or more interfaces. global applies
the policy map to all interfaces, and interface applies the policy
to one interface. Only one global policy is allowed. You can
override the global policy on an interface by applying a service
policy to that interface. You can only apply one policy map to
each interface.
the policy map to all interfaces, and interface applies the policy
to one interface. Only one global policy is allowed. You can
override the global policy on an interface by applying a service
policy to that interface. You can only apply one policy map to
each interface.