Just so you know - IPv6 and Cisco ASA/PIX in failover configuration
Shadow Hawkins on Wednesday, 06 February 2008 11:47:34
ASA/PIX versions > 7.0 support IPv6, although the functionality is still quite limited; in particular, Cisco says that if you have your firewall in a failover configuration, it does not work. I tried it out anyway and found that sometimes it works and sometimes it doesn't, and that is because both the active and the failover unit send out router advertisements, so you end up with two default gateways.
::/0 fe80::211:21ff:fedf:924a UGDA 1024 21 0 eth0
::/0 fe80::211:21ff:fedf:923e UGDA 1024 0 0 eth0
If you are lucky and receive the active default gateway first, everything works; otherwise you send your packets to the failover unit and they get discarded.
To work around this problem remove the wrong entry from your routing table, like this:
ip -6 route del ::/0 via fe80::211:21ff:fedf:923e
Regards,
Biker
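Added example (not part of the original post): a Python check that parses routing-table lines in the column layout quoted above and reports any interface that learned more than one default gateway from router advertisements. The function names and the last two sample lines are constructed for illustration; deciding which gateway belongs to the active unit is still left to the operator.

```python
"""Flag interfaces holding more than one RA-learned IPv6 default route."""
from collections import defaultdict

# Sample in the column layout quoted in the post:
# destination, next hop, flags, metric, ref, use, interface.
# The first two lines are the ones from the post; the last two are constructed.
SAMPLE = """\
::/0 fe80::211:21ff:fedf:924a UGDA 1024 21 0 eth0
::/0 fe80::211:21ff:fedf:923e UGDA 1024 0 0 eth0
2001:db8:1::/64 :: UA 256 0 0 eth0
::/0 fe80::1 UG 1 0 0 eth1
"""


def ra_default_gateways(table_text):
    """Return {iface: [next hops]} for default routes installed by autoconfiguration."""
    found = defaultdict(list)
    for line in table_text.splitlines():
        fields = line.split()
        if len(fields) != 7:
            continue  # header, blank line or unexpected layout
        dest, next_hop, flags, _metric, _ref, _use, iface = fields
        # G = route via a gateway, A = installed by address autoconfiguration (RA)
        if dest == "::/0" and "G" in flags and "A" in flags:
            if next_hop not in found[iface]:
                found[iface].append(next_hop)
    return dict(found)


def conflicting_interfaces(table_text):
    """Keep only interfaces that learned more than one default gateway."""
    return {i: g for i, g in ra_default_gateways(table_text).items() if len(g) > 1}


if __name__ == "__main__":
    for iface, gateways in conflicting_interfaces(SAMPLE).items():
        print(f"{iface}: {len(gateways)} RA default gateways: {', '.join(gateways)}")
```

The statically configured default route on eth1 (flags UG, no A) is ignored, so only the two advertised gateways on eth0 are reported.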
Shadow Hawkins on Friday, 15 February 2008 11:04:03
UPDATE: Version 8.0.3 fixes this bug.
Regards,
Biker
Shadow Hawkins on Monday, 24 August 2009 10:03:56
Hi,
Can you explain how you managed to configure ASA failover on IPv6?
Tnx a lot