Things to remember in regards to IPv6 security at the edge:
- NAT doesn’t exist with IPv6
- ACLs are similar, with two exceptions: they are pre-pended by the keyword ipv6 and are applied to an interface via the traffic-filter command. They can be applied in or out, as with IPv4 access-lists.
- Use a stateful firewall, security appliance, or other security tools to secure the edge. There are protocols in IPv6 – such as neighbor discovery – that can be used for attack if you are not careful. Harden them.