Filter
Top Products
17-73
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 17 Managing Firewall Inspection Rules
Configuring Protocols and Maps for Inspection
Field Reference
Table 17-42 IPv6 Policy Maps Add or Edit Match Condition and Action Dialog Boxes
Element Description
Criterion Choose the type of IPv6 Extension Header to match:
• Authentication Header (AH)—Provides integrity and data-origin
authentication for IP packets.
• Destination Options Header—Used for IPv6 Mobility, as well as in
support of certain applications.
• Encapsulating Security Payload Header (ESP)—All information
following the ESP header is encrypted and not accessible to
intermediate network devices.
• Fragment Header—Supports traffic-source fragmented-packet
communications.
• Hop-by-Hop Options Header—Optional information that must be
examined by every node in the packet’s delivery path.
• Header Count—The number of headers in the packet. When you
choose this option, the following field appears; specify an upper
bound for the number of headers:
–
Greater Than Count—Enter a value between 0 and 255.
The packet is considered a match if the Header Count is greater
than the specified number; it is not a match if the count is equal
to, or less than the specified number.
• Routing Header Type—Use this option to match one or EH types
based on their header codes. When you choose this type, the
following Value options appear; specify one or the other:
–
Routing Type—Enter one Extension Header code; for
example, 51 for Authentication Header.
–
Routing Type Field Range—Enter a starting value and an
ending value to define a range of EH codes.
• Routing Header Address Count—The number of IP addresses
embedded in the packet. When you choose this option, the
following field appears; specify an upper bound for the number of
addresses:
–
Greater Than Count—Enter a value between 0 and 255.
The packet is considered a match if the address count is greater
than the specified number; it is not a match if the count is equal
to, or less than the specified number.
Type Specifies that the map is applied only to traffic that matches the defined
criteria.