Filter
Top Products
11-48
Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 11 Configuring Inspection of Basic Internet Protocols
IPv6 Inspection
• Parameters—Configures ESP and AH parameter settings.
–
Limit ESP flows per client—Limits ESP flows per client.
Maximum—Specify maximum limit.
–
Apply ESP idle timeout—Applies ESP idle timeout.
Timeout—Specify timeout.
–
Limit AH flows per client—Limits AH flows per client.
Maximum—Specify maximum limit.
–
Apply AH idle timeout—Applies AH idle timeout.
Timeout—Specify timeout.
IPv6 Inspection
• Information about IPv6 Inspection, page 11-48
• Default Settings for IPv6 Inspection, page 11-48
• (Optional) Configuring an IPv6 Inspection Policy Map, page 11-48
• Configuring IPv6 Inspection, page 11-49
Information about IPv6 Inspection
IPv6 inspection lets you selectively log or drop IPv6 traffic based on the extension header. In addition,
IPv6 inspection can check conformance to RFC 2460 for type and order of extension headers in IPv6
packets.
Default Settings for IPv6 Inspection
If you enable IPv6 inspection and do not specify an inspection policy map, then the default IPv6
inspection policy map is used, and the following actions are taken:
• Allows only known IPv6 extension headers
• Enforces the order of IPv6 extension headers as defined in the RFC 2460 specification
If you create an inspection policy map, the above actions are taken by default unless you explicitly
disable them.
(Optional) Configuring an IPv6 Inspection Policy Map
To identify extension headers to drop or log, and/or to disable packet verification, create an IPv6
inspection policy map to be used by the service policy.
Detailed Steps
Step 1 Choose Configuration > Firewall > Objects > Inspect Maps > IPv6. The Configure IPv6 Maps pane
appears.