nanog mailing list archives
Re: IPv6 filtering
From: Michael Loftis <mloftis () wgops com>
Date: Wed, 26 Jan 2011 13:24:27 -0700
On Tue, Jan 25, 2011 at 10:49 PM, Mark D. Nagel <mnagel () willingminds com> wrote:
This can bite you in unexpected ways, too. For example, on a Cisco ASA, if you add a system-level 'icmpv6 permit' line and if this does not include ND, then you break ND responses to the ASA. This is much unlike ARP, which is unaffected by 'icmp permit' statements for IPv4. And, the default with no such lines is to permit all ICMP/ICMPv6 to the ASA. This seems so obvious in retrospect, but at the time was a bit of a head-scratcher.
ARP is a seperate protocol supporting IPv4 ... For IPv6 ND is done using ICMPv6 messages. A bit confusing transitioning from IPv4/ARP for sure.
Mark
Current thread:
- IPv6 filtering Franck Martin (Jan 25)
- Re: IPv6 filtering Roland Dobbins (Jan 25)
- Re: IPv6 filtering Franck Martin (Jan 25)
- Re: IPv6 filtering Paul Graydon (Jan 25)
- Re: IPv6 filtering Seth Mattinen (Jan 25)
- Message not available
- Re: IPv6 filtering Hank Nussbacher (Jan 25)
- Re: IPv6 filtering Franck Martin (Jan 25)
- Re: IPv6 filtering Roland Dobbins (Jan 25)
- Re: IPv6 filtering Owen DeLong (Jan 25)
- Re: IPv6 filtering Mark D. Nagel (Jan 25)
- Re: IPv6 filtering Michael Loftis (Jan 26)
- Re: IPv6 filtering Mark D. Nagel (Jan 25)
- Re: IPv6 filtering Mikael Abrahamsson (Jan 25)
- Re: IPv6 filtering Mohacsi Janos (Jan 25)