Download Safari Books Online apps: Apple iOS | Android

Entire Site

Safari Books Online

    Free Trial

    Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.


    • Create BookmarkCreate Bookmark
    • Create Note or TagCreate Note or Tag
    • DownloadDownload
    • PrintPrint
    Share this Page URL
    Help

    Chapter 16. Cisco Firewalls and IPv6 > IPv6 Support in the Classic IOS Firewall

    IPv6 Support in the Classic IOS Firewall

    Chapter 9, “Classic IOS Firewall Overview,” presented a detailed analysis of the Classic IOS Firewall, which was originally referred to as Context Based Access Control (CBAC). Chapter 12, “Application Inspection,” explored the application-level inspection capabilities available for this IOS Firewall approach. This section briefly covers the CBAC inspection resources for IPv6 environments, while reiterating that the Zone-base Policy Firewall (ZFW) is the recommended IOS firewall implementation model going forward.

    Example 16-19 relates to the scenario shown in Figure 16-12. A policy called CBAC-IPV6 is defined to promote generic L4 inspection for UDP and TCP. Stateless ICMP filtering rules (represented by ACLs OUTBOUND and INBOUND) enable echo requests and replies through the IOS Firewall (between networks 2001:db8::/64 and 2001:db8:0:1111::/64).


      

    You are currently reading a PREVIEW of this book.

                                                                                            

    Get instant access to over
    $1 million worth of books and videos.

      

    Start a Free Trial