Question & Answer
Question
We would like to know what changes were made to the Configuration Assistant to handle the use of IPv6 addresses.
Answer
There were a number of changes made to the Configuration Assistant to handle the use of IPv6 addresses in IPSecurity. Here is a summary of those changes:
Connectivity rules must be all IPv4 or IPv6. Intermixing of IP address types is not permitted when specifying data endpoints and security endpoints.
There are two protocols specific to IPv6 to choose from when creating traffic descriptors: ICMPv6 and MIPv6
Protocols that only apply to IPv4 will only be permitted on IPv4 connectivity rules. The same applies to IPv6: protocols that only apply to IPv6 will only be permitted on IPv6 connectivity rules.
- The following are IPv4 only protocols: ICMP, IGMP. - The following are IPv6 only protocols: ICMPv6, MIPv6. - All other protocols are permitted for both IPv4 and IPv6 connectivity rules.
IPv4-mapped IPv6 addresses and IPv4-compatible IPv6 addresses are only permitted on data endpoints for Permit/Deny rules for IPSec.
Special connectivity rules need to be created in order to protect IPv6 OSPF traffic. To learn how to protect IPv6 OSPF traffic, view the tutorial at How do I protect IPv6 OSPF traffic.
Product Synonym
ZOSCS COMMSERVER
Was this topic helpful?
Document Information
Modified date:
15 April 2015
UID
dwa1185212