EasyManuals Logo
Home>Cisco>Firewall>5510 - ASA SSL / IPsec VPN Edition

Cisco 5510 - ASA SSL / IPsec VPN Edition User Manual

Cisco 5510 - ASA SSL / IPsec VPN Edition
2164 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #1134 background imageLoading...
Page #1134 background image
1-28
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Inspection of Basic Internet Protocols
IPv6 Inspection
Detailed Steps
Examples
The following example creates an inspection policy map that will drop and log all IPv6 packets with the
hop-by-hop, destination-option, routing-address, and routing type 0 headers:
policy-map type inspect ipv6 ipv6-pm
parameters
match header hop-by-hop
Command Purpose
Step 1
policy-map type inspect ipv6 name
Example:
hostname(config)# policy-map type inspect
ipv6 ipv6-map
Creates an inspection policy map.
Step 2
match header header
[drop [log] | log]
Example:
hostname(config-pmap)# match header ah
hostname(config-pmap-c)# drop log
hostname(config-pmap-c)# match header esp
hostname(config-pmap-c)# drop log
Specifies the headers you want to match. By default, the packet is
logged (log); if you want to drop (and optionally also log) the
packet, enter the drop and optional log commands in match
configuration mode.
Re-enter the match command and optional drop action for each
extension you want to match:
• ah—Matches the IPv6 Authentication extension header
• count gt number—Specifies the maximum number of IPv6
extension headers, from 0 to 255
• destination-option—Matches the IPv6 destination-option
extension header
• esp—Matches the IPv6 Encapsulation Security Payload
(ESP) extension header
• fragment—Matches the IPv6 fragment extension header
• hop-by-hop—Matches the IPv6 hop-by-hop extension
header
• routing-address count gt number—Sets the maximum
number of IPv6 routing header type 0 addresses, greater than
a number between 0 and 255
• routing-type {eq | range} number—Matches the IPv6
routing header type, from 0 to 255. For a range, separate
values by a space, for example, 30 40.
Step 3
parameters
[no] verify-header {order | type}
Example:
hostname(config-pmap)# parameters
hostname(config-pmap-p)# no verify-header
order
hostname(config-pmap-p)# no verify-header
type
Specifies IPv6 parameters. These parameters are enabled by
default. To disable them, enter the no keyword.
• [no] verify-header type—Allows only known IPv6
extension headers
• [no] verify-header order—Enforces the order of IPv6
extension headers as defined in the RFC 2460 specification

Table of Contents

Other manuals for Cisco 5510 - ASA SSL / IPsec VPN Edition

Preview: Configuration Guide
Configuration Guide1822 pages
Preview: Hardware Installation Guide
Hardware Installation Guide82 pages
Preview: Getting Started Guide
Getting Started Guide208 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco 5510 - ASA SSL / IPsec VPN Edition and is the answer not in the manual?

Cisco 5510 - ASA SSL / IPsec VPN Edition Specifications

General IconGeneral
BrandCisco
Model5510 - ASA SSL / IPsec VPN Edition
CategoryFirewall
LanguageEnglish

Related product manuals