19-7
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter19 Adding an IPv6 Access List
Monitoring IPv6 Access Lists
Monitoring IPv6 Access Lists
To monitor IPv6 access lists, perform one of the following tasks:
Configuration Examples for IPv6 Access Lists
The following example shows how to configure IPv6 access lists:
The following example allows any host using TCP to access the 3001:1::203:A0FF:FED6:162D server:
hostname(config)# ipv6 access-list acl_grp permit tcp any host 3001:1::203:A0FF:FED6:162D
The following example uses eq and a port to deny access to just FTP:
hostname(config)# ipv6 access-list acl_out deny tcp any host 3001:1::203:A0FF:FED6:162D eq
ftp
hostname(config)# access-group acl_out in interface inside
The following example uses lt to permit access to all ports less than port 2025, which permits access to
the well-known ports (1 to 1024):
hostname(config)# ipv6 access-list acl_dmz1 permit tcp any host 3001:1::203:A0FF:FED6:162D
lt 1025
hostname(config)# access-group acl_dmz1 in interface dmz1
Where to Go Next
Apply the access list to an interface. (See the “Configuring Access Rules” section on page34-7 for more
information.)
Feature History for IPv6 Access Lists
Table19-2 lists each feature change and the platform release in which it was implemented.
Command Purpose
show ipv6 access-list Displays all IPv6 access list information.
Table19-2 Feature History for IPv6 Access Lists
Feature Name Releases Feature Information
IPv6 access lists 7.0(1) We introduced the following command: ipv6 access-list.