A SERVICE OF

logo

Open as PDF
next previous
17-73
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 17 Managing Firewall Inspection Rules
Configuring Protocols and Maps for Inspection
Field Reference
Table 17-42 IPv6 Policy Maps Add or Edit Match Condition and Action Dialog Boxes
Element Description
Criterion Choose the type of IPv6 Extension Header to match:
Authentication Header (AH)—Provides integrity and data-origin
authentication for IP packets.
Destination Options Header—Used for IPv6 Mobility, as well as in
support of certain applications.
Encapsulating Security Payload Header (ESP)—All information
following the ESP header is encrypted and not accessible to
intermediate network devices.
Fragment Header—Supports traffic-source fragmented-packet
communications.
Hop-by-Hop Options Header—Optional information that must be
examined by every node in the packet’s delivery path.
Header Count—The number of headers in the packet. When you
choose this option, the following field appears; specify an upper
bound for the number of headers:
Greater Than Count—Enter a value between 0 and 255.
The packet is considered a match if the Header Count is greater
than the specified number; it is not a match if the count is equal
to, or less than the specified number.
Routing Header Type—Use this option to match one or EH types
based on their header codes. When you choose this type, the
following Value options appear; specify one or the other:
Routing Type—Enter one Extension Header code; for
example, 51 for Authentication Header.
Routing Type Field Range—Enter a starting value and an
ending value to define a range of EH codes.
Routing Header Address Count—The number of IP addresses
embedded in the packet. When you choose this option, the
following field appears; specify an upper bound for the number of
addresses:
Greater Than Count—Enter a value between 0 and 255.
The packet is considered a match if the address count is greater
than the specified number; it is not a match if the count is equal
to, or less than the specified number.
Type Specifies that the map is applied only to traffic that matches the defined
criteria.