Decent IPv6 firewall with failover?

Ken Mix Ken.Mix at clearfly.net
Mon May 17 16:09:55 CEST 2010


FWIW - I am running a pair of 5520s [v8.2(2)] that does support IPv6 failover.  I upgraded specifically for this feature, and it has been passing live traffic for 3+ months now.  Configuration is as simple as specifying a standby IPv6 address in the interface, although it appears that an IPv4 address does have to be present for failover to work properly. 

Regards,

Ken

-----Original Message-----
From: ipv6-ops-bounces+ken.mix=clearfly.net at lists.cluenet.de [mailto:ipv6-ops-bounces+ken.mix=clearfly.net at lists.cluenet.de] On Behalf Of George Bonser
Sent: Monday, May 17, 2010 1:26 AM
To: Asbjorn Hojmark - Lists
Cc: ipv6-ops at lists.cluenet.de
Subject: RE: Decent IPv6 firewall with failover?



> -----Original Message-----
> From: Asbjorn Hojmark - Lists [mailto:lists at hojmark.org]
> Sent: Monday, May 17, 2010 12:17 AM
> To: George Bonser
> Cc: ipv6-ops at lists.cluenet.de
> Subject: Re: Decent IPv6 firewall with failover?
> 
> On Sun, 16 May 2010 23:52:56 -0700, you wrote:
> 
> > I notice the Cisco ASA series still doesn't do failover for IPv6
> > as of 8.3
> 
> New in 8.2:
> 
>
> http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html
> 
> "IPv6 Support in Failover Configurations: IPv6 is now supported in
> failover configurations. You can assign active and standby IPv6
> addresses to interfaces and use IPv6 addresses for the failover and
> Stateful Failover interfaces."
> 
> Isn't that what you want?
> 
> -A

Interesting.  Because here:
http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/route_overview.html#wpxref71253

It says:

Failover does not support IPv6. The ipv6 address command does not
support setting standby addresses for failover configurations. The
failover interface ip command does not support using IPv6 addresses on
the failover and Stateful Failover interfaces.

So now I don't know what to believe.


