IBM Support

How does IPv6 affect IPSecurity when using Configuration Assistant?

Question & Answer


Question

We would like to know what changes were made to the Configuration Assistant to handle the use of IPv6 addresses.

Answer

There were a number of changes made to the Configuration Assistant to handle the use of IPv6 addresses in IPSecurity. Here is a summary of those changes:

  • Connectivity rules must be all IPv4 or IPv6. Intermixing of IP address types is not permitted when specifying data endpoints and security endpoints.

  • There are two protocols specific to IPv6 to choose from when creating traffic descriptors: ICMPv6 and MIPv6.

  • Protocols that only apply to IPv4 will only be permitted on IPv4 connectivity rules. The same applies to IPv6: protocols that only apply to IPv6 will only be permitted on IPv6 connectivity rules.

      - The following are IPv4-only protocols: ICMP, IGMP.

      - The following are IPv6-only protocols: ICMPv6, MIPv6.

      - All other protocols are permitted for both IPv4 and IPv6 connectivity rules.

  • IPv4-mapped IPv6 addresses and IPv4-compatible IPv6 addresses are only permitted on data endpoints for Permit/Deny rules for IPSec.

  • Special connectivity rules need to be created in order to protect IPv6 OSPF traffic. To learn how to protect IPv6 OSPF traffic, view the tutorial "How do I protect IPv6 OSPF traffic".
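
The address-family and protocol constraints summarized above can be checked before a rule set is entered, as in this added example (not IBM code and not part of the Configuration Assistant). The rule dictionary layout, its field names and the "ipsec" action value are hypothetical, the sample rules are constructed, and the check assumes IPv4-mapped and IPv4-compatible addresses count as IPv6 for the no-intermixing rule.

```python
import ipaddress

# Protocol families as listed in the summary above.
IPV4_ONLY = {"ICMP", "IGMP"}
IPV6_ONLY = {"ICMPV6", "MIPV6"}

def is_v4_embedded(addr):
    """True for IPv4-mapped (::ffff:a.b.c.d) or IPv4-compatible (::a.b.c.d)."""
    if addr.version != 6:
        return False
    if addr.ipv4_mapped is not None:
        return True
    # IPv4-compatible: upper 96 bits zero, excluding :: and ::1.
    return int(addr) >> 32 == 0 and int(addr) > 1

def validate_rule(rule):
    """Return a list of violations for one connectivity rule (hypothetical layout)."""
    parse = lambda e: ipaddress.ip_interface(e).ip  # accepts address or prefix
    data = [parse(e) for e in rule["data_endpoints"]]
    sec = [parse(e) for e in rule.get("security_endpoints", [])]
    versions = {a.version for a in data + sec}
    problems = []
    if len(versions) > 1:
        problems.append("mixed IPv4 and IPv6 endpoints")
    for proto in rule.get("protocols", []):
        if proto.upper() in IPV4_ONLY and 6 in versions:
            problems.append(f"{proto} is IPv4-only")
        if proto.upper() in IPV6_ONLY and 4 in versions:
            problems.append(f"{proto} is IPv6-only")
    if any(is_v4_embedded(a) for a in sec):
        problems.append("IPv4-mapped/compatible security endpoint")
    if rule["action"] not in ("permit", "deny") and any(map(is_v4_embedded, data)):
        problems.append("IPv4-mapped/compatible data endpoint outside Permit/Deny")
    return problems

# Constructed sample rules (documentation address ranges).
OK_V6 = {"action": "ipsec", "protocols": ["ICMPv6", "TCP"],
         "data_endpoints": ["2001:db8::1", "2001:db8::2"],
         "security_endpoints": ["2001:db8::1", "2001:db8::2"]}
MIXED = {"action": "ipsec", "protocols": ["ICMP"],
         "data_endpoints": ["192.0.2.1", "2001:db8::2"]}
MAPPED_PERMIT = {"action": "permit", "protocols": ["TCP"],
                 "data_endpoints": ["::ffff:192.0.2.1", "2001:db8::2"]}
MAPPED_IPSEC = {"action": "ipsec", "protocols": ["TCP"],
                "data_endpoints": ["::ffff:192.0.2.1", "2001:db8::2"],
                "security_endpoints": ["::192.0.2.9", "2001:db8::2"]}

if __name__ == "__main__":
    for name in ("OK_V6", "MIXED", "MAPPED_PERMIT", "MAPPED_IPSEC"):
        print(name, validate_rule(globals()[name]))
```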

Product: z/OS Communications Server

Platform: z/OS

Product Synonym

ZOSCS COMMSERVER

Document Information

Modified date:
15 April 2015

UID

dwa1185212