Due to the shortage of IPv4 IP addresses, we will run out of IPv4 some day in the near future (approx. 699 days from now, http://inetcore.com/project/ipv4ec/index_en.html). To be prepared for this we are experimenting with IPv6. We got a /32 allocated by RIPE, and are currently preparing a live network to connect some services via native  IPv6 to the internet. While reviewing the IPv6 capabilities of the network equipment we use, I found out that Cisco ASA/Pix does not support failover when running IPv6. For details on this matter please see the following links:

  • http://www.v4tov6.com/2009/06/cisco-asa-ipv6-failover-update.html
  • http://v4tov6.com/2008/11/cisco-asa-ipv6-failover.html
  • http://forums.cabling-design.com/cisco/Re-PIX-IPv6-Failover-bug-4167-.htm

This failover support seems to be lacking for some time now, and is still missing in the latest release. I’ve notified our sales rep. at Cisco about this. Personally I think this is quite a serious issue, as failover is a essential part of building serious infrastructures. I hope Cisco will see that this feature should be implemented as soon as possible.

If you consider this a serious issue as well, I recommend you notify your Cisco contact. Also leave a comment, just because I’m wondering how many people think this is a problem :)

06 april 2010: Cisco released ASA version 8.3 which solves this problem: http://www.networkworld.com/community/node/58537