On Thu, 8 Oct 2009, Leif Sawyer wrote:
Andrew Yourtchenko writes, in response to
Nick Hilliard whom wrote:
Unfortunately, ASA boxes are beloved of enterprises, and
ipv6 is very much down the list as far as the enterprise
market segment is concerned. The service provider market
has significantly different needs, but Cisco's ASA product
managers are not especially focussed on this segment.
8.2.2 should make the ipv6 and failover better friends than
they are now.
How about some love for the FWSM's as well?
I'm part of a service provider operation. We don't get any love
for IPv6 support here. Driving me crazy.
I mean, seriously, do I have to rip out the FWSM's and put in
10GE trunks to a pair of Linux boxes just to get IPv4+IPv6 to work
correctly at the same time?
It'd probably save me time and effort in the long run. Sigh.
My mail was about ASA. What was applicable to FWSM, I wrote in a thread
half a year ago - my apologies for not being able to add anything to that.
< and if I were to write anything about messengers, it'd go here :-) >
And while you're at it, Cisco, *PLEASE* fix the ASDM IPv6 support
such that I can just drop in the IPv6 object into an existing
rule, and the back end figures out the magic? I shouldn't have to
duplicate all my rules for both IPv4 and IPv6.
ASDM rules<->config is bidirectional, so the magic would need to be
an invertible function - hence it is more difficult than it seems.
Nonetheless, I'll mention this to ASDM folks when I have a chance.
Mind unicasting me your config so I could take a look at it ?
@all: does everyone (who does deal with firewalls+IPv6) have also the
almost identical IPv4 and IPv6 policies ?
kind regards,
andrew
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
