On Tue, Jan 25, 2011 at 10:49 PM, Mark D. Nagel <mna...@willingminds.com> wrote:
> This can bite you in unexpected ways, too. For example, on a Cisco ASA, > if you add a system-level 'icmpv6 permit' line and if this does not > include ND, then you break ND responses to the ASA. This is much unlike > ARP, which is unaffected by 'icmp permit' statements for IPv4. And, the > default with no such lines is to permit all ICMP/ICMPv6 to the ASA. This > seems so obvious in retrospect, but at the time was a bit of a > head-scratcher. > ARP is a seperate protocol supporting IPv4 ... For IPv6 ND is done using ICMPv6 messages. A bit confusing transitioning from IPv4/ARP for sure. > Mark
