- Zone-Based Policy Firewalls
- Zone-Based Policy Firewall IPv6 Support
- VRF-Aware Cisco Firewall
- Zone-Based Policy Firewall High Availability
- Interchassis Asymmetric Routing Support for Zone-Based Policy Firewalls
- WAAS Support in Zone-Based Firewalls
- Zone-Based Firewall Logging Export Using NetFlow
- Cisco IOS Firewall-SIP Enhancements ALG and AIC
- Firewall-H.323 V3 V4 Support
- H.323 RAS Support
- Application Inspection and Control for SMTP
- Subscription-Based Cisco IOS Content Filtering
- Cisco IOS Firewall Support for Skinny Local Traffic and CME
- User-Based Firewall Support
- On-Device Management for Security Features
- Finding Feature Information
- Information About Zone-Based Policy Firewall IPv6 Support
- How to Configure Zone-Based Policy Firewall IPv6 Support
- Configuration Examples for Zone-Based Policy Firewall IPv6 Support
- Additional References for Zone-Based Policy Firewall IPv6 Support
- Feature Information for Zone-Based Policy Firewall IPv6 Support
Zone-Based Policy Firewall IPv6 Support
The zone-based policy firewall IPv6 support feature coexists with the zone-based policy firewall for IPv4 in order to support IPv6 traffic. The feature provides MIB support for TCP, UDP, ICMPv6, and FTP sessions. This document describes how to configure parameter-maps, and to create and use class maps, policy maps, zones and zone pairs.
- Finding Feature Information
- Information About Zone-Based Policy Firewall IPv6 Support
- How to Configure Zone-Based Policy Firewall IPv6 Support
- Configuration Examples for Zone-Based Policy Firewall IPv6 Support
- Additional References for Zone-Based Policy Firewall IPv6 Support
- Feature Information for Zone-Based Policy Firewall IPv6 Support
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Information About Zone-Based Policy Firewall IPv6 Support
Zone-Based Policy Firewall IPv6 Support
The zone-based policy firewall for IPv6 coexists with the zone-based policy firewall for IPv4 in order to support IPv6 traffic. The feature provides MIB support for TCP, UDP, ICMPv6, and FTP sessions.
How to Configure Zone-Based Policy Firewall IPv6 Support
Configuring an Inspect-Type Parameter Map
1.
enable
2.
configure
terminal
3.
parameter-map
type
inspect
{parameter-map-name | global | default}
4.
sessions
maximum
sessions
5.
ipv6
routing-enforcement-header
loose
DETAILED STEPS
Creating and Using an Inspect-Type Class Map
1.
enable
2.
configure
terminal
3.
class-map
type
inspect
{match-any | match-all} class-map-name
4.
match
protocol
tcp
5.
match
protocol
udp
6.
match
protocol
icmp
7.
match
protocol
ftp
DETAILED STEPS
Creating and Using an Inspect-Type Policy Map
1.
enable
2.
configure
terminal
3.
policy-map
type
inspect
policy-map-name
4.
class
type
inspect
class-map-name
5.
inspect
[parameter-map-name]
DETAILED STEPS
Creating Security Zones and Zone Pairs
1.
enable
2.
configure
terminal
3.
zone
security
{zone-name | default}
4.
zone
security
{zone-name | default}
5.
zone-pair
security
zone-pair-name
source
{source-zone-name | self | default} destination {destination-zone-name | self | default}
6.
service-policy
type
inspect
policy-map-name
DETAILED STEPS
Configuration Examples for Zone-Based Policy Firewall IPv6 Support
Example: Configuring Cisco IOS Zone-Based Firewall for IPv6
parameter-map type inspect v6-param-map sessions maximum 10000 ipv6 routing-header-enforcement loose ! ! class-map type inspect match-any v6-class match protocol tcp match protocol udp match protocol icmp match protocol ftp ! ! policy-map type inspect v6-policy class type inspect v6-class inspect ! zone security z1 zone security z2 ! zone-pair security zp source z1 destination z2 service-policy type inspect v6-policy
Additional References for Zone-Based Policy Firewall IPv6 Support
Related Documents
Related Topic |
Document Title |
|---|---|
|
IPv6 addressing and connectivity |
IPv6 Configuration Guide |
|
Cisco IOS commands |
|
|
IPv6 commands |
Cisco IOS IPv6 Command Reference |
|
Cisco IOS IPv6 features |
Cisco IOS IPv6 Feature Mapping |
Standards and RFCs
Standard/RFC |
Title |
|---|---|
|
RFCs for IPv6 |
IPv6 RFCs |
MIBs
|
MIB |
MIBs Link |
|---|---|
|
|
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: |
Technical Assistance
Description |
Link |
|---|---|
|
The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password. |
Feature Information for Zone-Based Policy Firewall IPv6 Support
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.Feature Name |
Releases |
Feature Information |
|---|---|---|
|
Zone-Based Policy Firewall IPv6 Support |
15.1(2)T |
Cisco zone-based firewall for IPv6 coexists with Cisco zone-based firewall for IPv4 in order to support IPv6 traffic. |
Feedback