jsz0 · October 3, 2015 22:06
diff --git a/cisco-asa-ipv6-notes.txt b/cisco-asa-ipv6-notes.txt
 ASA# show ipv6 interface Inside
 Inside is up, line protocol is up
  IPv6 is enabled, link-local address is fe80::213:c4ff:fe80:b4ec
  Global unicast address(es):
    xxxx:xxx:xx:xxxx::1, subnet is xxxx:xxx:xx:xxxx::::/64
  Joined group address(es):
    ff02::1
    ff02::2
    ff02::1:ff00:1
    ff02::1:ff80:b4ec
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds
  ND advertised reachable time is 0 milliseconds
  ND advertised retransmit interval is 1000 milliseconds
  ND router advertisements are sent every 200 seconds
  ND router advertisements live for 1800 seconds
  Hosts use stateless autoconfig for addresses.
  
 ASA# show ipv6 neighbor Inside
 IPv6 Address                              Age Link-layer Addr State Interface
 xxxx:xxx:xx:xxxx:591f:79a1:c3ac:b52b      184 000c.2993.144a  STALE Inside
 xxxx:xxx:xx:xxxx:7840:6c53:f218:d332      356 9cfc.0183.d1f2  STALE Inside
 fe80::b885:48c8:e9a:4755                   12 8000.0b40.51c8  STALE Inside


 # interface +'ipv6 nd suppress-ra'
 #
 ASA# show ipv6 interface Secure
 secure is up, line protocol is up
  IPv6 is enabled, link-local address is fe80::213:c4ff:fe80:b4ed
  Global unicast address(es):
    xxxx:xxx:xx:xxx::, subnet is  xxxx:xxx:xx:xxx::::/64
  Joined group address(es):
    ff02::1
    ff02::2
    ff02::1:ff00:0
    ff02::1:ff80:b4ed
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds
  Hosts use stateless autoconfig for addresses.
  
  
 # minimum ICMP per RFC?
 ipv6 access-list Outside_access_ipv6_in permit icmp6 any any echo-reply 
 ipv6 access-list Outside_access_ipv6_in permit icmp6 any any echo 
 ipv6 access-list Outside_access_ipv6_in permit icmp6 any any packet-too-big 
 ipv6 access-list Outside_access_ipv6_in permit icmp6 any any time-exceeded 
 ipv6 access-list Outside_access_ipv6_in permit icmp6 any any parameter-problem 
 ipv6 access-list Outside_access_ipv6_in permit icmp6 any any unreachable
	ASA# show ipv6 interface Inside
	Inside is up, line protocol is up
	IPv6 is enabled, link-local address is fe80::213:c4ff:fe80:b4ec
	Global unicast address(es):
	xxxx:xxx:xx:xxxx::1, subnet is xxxx:xxx:xx:xxxx::::/64
	Joined group address(es):
	ff02::1
	ff02::2
	ff02::1:ff00:1
	ff02::1:ff80:b4ec
	ICMP error messages limited to one every 100 milliseconds
	ICMP redirects are enabled
	ND DAD is enabled, number of DAD attempts: 1
	ND reachable time is 30000 milliseconds
	ND advertised reachable time is 0 milliseconds
	ND advertised retransmit interval is 1000 milliseconds
	ND router advertisements are sent every 200 seconds
	ND router advertisements live for 1800 seconds
	Hosts use stateless autoconfig for addresses.

	ASA# show ipv6 neighbor Inside
	IPv6 Address Age Link-layer Addr State Interface
	xxxx:xxx:xx:xxxx:591f:79a1:c3ac:b52b 184 000c.2993.144a STALE Inside
	xxxx:xxx:xx:xxxx:7840:6c53:f218:d332 356 9cfc.0183.d1f2 STALE Inside
	fe80::b885:48c8:e9a:4755 12 8000.0b40.51c8 STALE Inside


	# interface +'ipv6 nd suppress-ra'
	#
	ASA# show ipv6 interface Secure
	secure is up, line protocol is up
	IPv6 is enabled, link-local address is fe80::213:c4ff:fe80:b4ed
	Global unicast address(es):
	xxxx:xxx:xx:xxx::, subnet is xxxx:xxx:xx:xxx::::/64
	Joined group address(es):
	ff02::1
	ff02::2
	ff02::1:ff00:0
	ff02::1:ff80:b4ed
	ICMP error messages limited to one every 100 milliseconds
	ICMP redirects are enabled
	ND DAD is enabled, number of DAD attempts: 1
	ND reachable time is 30000 milliseconds
	Hosts use stateless autoconfig for addresses.


	# minimum ICMP per RFC?
	ipv6 access-list Outside_access_ipv6_in permit icmp6 any any echo-reply
	ipv6 access-list Outside_access_ipv6_in permit icmp6 any any echo
	ipv6 access-list Outside_access_ipv6_in permit icmp6 any any packet-too-big
	ipv6 access-list Outside_access_ipv6_in permit icmp6 any any time-exceeded
	ipv6 access-list Outside_access_ipv6_in permit icmp6 any any parameter-problem
	ipv6 access-list Outside_access_ipv6_in permit icmp6 any any unreachable