Filter
Top Products
1-8
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 1 Getting Started with Security Manager
Product Overview
In general, you can configure IPv6 policies on the following types of device. In addition, you can
monitor IPv6 alerts generated by IPS, ASA, and FWSM devices. For other types of devices, use
FlexConfig policies to configure IPv6 settings. For more specific information on IPv6 device support,
see the Supported Devices and Software Versions for Cisco Security Manager document on Cisco.com.
• ASA—Release 7.0+ when running in router mode; release 8.2+ when running in transparent mode.
Both single and multiple security context devices are supported.
• FWSM—Release 3.1+ when running in router mode. Not supported in transparent mode. Both
single and multiple security context devices are supported.
• IPS—Release 6.1+.
Following is a summary of the Security Manager features that support IPv6 addressing:
• Policy Objects—The following policy objects support IPv6 addresses:
–
Networks/Hosts. See Understanding Networks/Hosts Objects, page 6-74.
–
Services. This object includes predefined services for ICMP6 and DHCPv6, which you can use
only with IPv6 policies. The other services apply to both IPv4 and IPv6. For more information
on service objects, see Understanding and Specifying Services and Service and Port List
Objects, page 6-86.
• Firewall Services Policies—The following Firewall Services policies and tools support IPv6
configurations:
–
AAA Rules. See Chapter 15, “Managing Firewall AAA Rules”.
–
Access Rules. See Configuring Access Rules, page 16-7.
–
Inspection Rules. See Chapter 17, “Managing Firewall Inspection Rules”.
–
Settings > Access Control. See Configuring Settings for Access Control, page 16-20.
–
Tools:
Hit Count. See Viewing Hit Count Details, page 16-33.
Find and Replace. See Finding and Replacing Items in Rules Tables, page 12-16.
• ASA and FWSM Policies—The following ASA and FWSM policies support IPv6 configurations:
–
(ASA 7.0+ routed mode; ASA 8.2+ transparent mode; FWSM 3.1+ routed mode.) Interfaces:
IPv6 tab of the Add Interface and Edit Interface dialog boxes. See Configuring IPv6 Interfaces
(ASA/FWSM), page 45-29.
–
(ASA only.) Platform > Bridging > IPv6 Neighbor Cache. See Managing the IPv6 Neighbor
Cache, page 46-6.
–
(ASA 5505 8.2/8.3 only.) Platform > Bridging > Management IPv6. See Management IPv6 Page
(ASA 5505), page 46-10.
–
(ASA 8.4.2+ only.) Platform > Device Admin > Server Access > DNS. See DNS Page,
page 51-13.
• FlexConfig Policies—There are two Firewall system variables that you can use to identify IPv6
ACLs on a device. For more information, see FlexConfig System Variables, page 7-7.
There is also a predefined FlexConfig policy object that uses these variables,
ASA_add_IPv6_ACEs.