17-70
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 17 Managing Firewall Inspection Rules
Configuring Protocols and Maps for Inspection
Configuring IPv6 Maps
Use the Add and Edit IPv6 Map dialog boxes to define the match criteria and values for an IPv6 inspect
map. You can use an IPv6 map to selectively drop IPv6 packets based on following types of extension
headers found anywhere in the IPv6 packet:
Hop-by-Hop Options
Routing (Type 0)
Fragment
Destination Options
Authentication
Encapsulating Security Payload
Service objects corresponding to these protocols are available in the Services table in the Policy Object
Manager, page 6-4.
Note With the release of Security Manager 4.4 and versions 9.0 and higher of the ASA, the separate policies
for configuring IPv4 and IPv6 inspection rules were unified. However, IPv6 maps are still provided in
support of earlier versions.
Navigation Path
Select Manage > Policy Objects, then select Maps > Policy Maps > Inspect > IPv6 from the Object
Type selector. Right-click inside the table, then select New Object or right-click a row, then select Edit
Object.
Related Topics
Understanding Map Objects, page 6-72
Configuring Protocols and Maps for Inspection, page 17-21
Category The category assigned to the object. Categories help you organize and
identify rules and objects. See Using Category Objects, page 6-12.
Allow Value Override per
Device
Overrides
Edit button
Whether to allow the object definition to be changed at the device level.
For more information, see Allowing a Policy Object to Be Overridden,
page 6-18 and Understanding Policy Object Overrides for Individual
Devices, page 6-17.
If you allow device overrides, you can click the Edit button to create,
edit, and view the overrides. The Overrides field indicates the number
of devices that have overrides for this object.
Table17-40 Add and Edit IP Options Map Dialog Boxes (Continued)
Element Description