在單位內部因本來由ASA防火牆提供IPv6環境,因為VPN需求,又在單位位內部放了一台ASA5580 設備做為VPN伺服器,導致在單位內的電腦會收到2筆fe80的default IPv6 Route, 其中一筆是由ASA 5580發出的.
解決方式:
在介面上加入 ipv6 nd suppress-ra
interface GigabitEthernet3/0
nameif Outside
security-level 0
ip address 1x0.1xx.3.200 255.255.255.0
ipv6 address 2001:288:xx01:x::200/64
ipv6 enable
ra-interval Set IPv6 Router Advertisement Interval
ra-lifetime Set IPv6 Router Advertisement Lifetime
reachable-time Set advertised reachability time
suppress-ra Suppress IPv6 Router Advertisements
參考http://www.cisco.com/c/en/us/td/docs/security/asa/asa81/command/ref/refgd/i3.html
沒有留言:
張貼留言