43-28
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter43 Configuring Inspection of Basic Internet Protocols
NetBIOS Inspection
Authentication
Encapsulating Security Payload
In addition, default IPv6 inspection checks conformance to RFC 2460 for type and order of extension
headers in IPv6 packets:
IPv6 header
Hop-by-Hop Options header (0)
Destination Options header (60)
Routing header (43)
Fragment header (44)
Authentication (51)
Encapsulating Security Payload header(50)
Destination Options header (60)
No Next Header (59)
When a policy map is not configured for IPv6inspection or a configured policy map is not associated
with an interface, the ASA drops packets with any mobility type and a routing-type IPv6 extension
header that arrive at the interface.
When an IPv6 inspection policy map is created, the ASA automatically generates a configuration to drop
packets that match header routing-type in the range 0-255.

Configuring an IPv6 Inspection Policy Map

You can configure a policy map for IPv6 inspection to handle IPv6 extension headers. The IPv6 policy
map is applied to each classified IPv6 packet on the specified direction. Currently, only incoming IPv6
traffic is inspected.
NetBIOS Inspection
This section describes the IM inspection engine. This section includes the following topics:
NetBIOS Inspection Overview, page43-28
Configuring a NetBIOS Inspection Policy Map for Additional Inspection Control, page43-29

NetBIOS Inspection Overview

NetBIOS inspection is enabled by default. The NetBios inspection engine translates IP addresses in the
NetBios name service (NBNS) packets according to the ASA NAT configuration.