To lock down the router more I have made the following changes and decided on the following configuration. But now I am having problems with fragmented packets. Adding ipv6 virtual-reassembly in on both FA0/0 and FA0/1 fixes the problem but my speed tests drop in half. But by doing this I pass both tests at http://netalyzr.icsi.berkeley.edu/index.html and http://test-ipv6.com/ (using ubuntu). But when I test with the config below and adding permit icmp any any unreachable, permit icmp any any packet-too-big to my access-list I then pass http://test-ipv6.com/ on my ubuntu box, but still fail the netalyzr test. Now if I strictly use the config below. I then fail both tests on ubuntu with fragmented packets. Yet I pass test-ipv6.com on windows but fail netalyzr on windows.

How does someone get fragmentation working, yet lock down the router at the same time? But not effect performance?

===========================
no ipv6 source-route
ipv6 unicast-routing
ipv6 cef
ipv6 inspect name IPv6 icmp timeout 60
ipv6 inspect name IPv6 ftp timeout 60
ipv6 inspect name IPv6 tcp timeout 60
ipv6 inspect name IPv6 udp timeout 60



interface FastEthernet0/0
ipv6 address dhcp
ipv6 address autoconfig default
ipv6 enable
no ipv6 redirects
no ipv6 unreachables
ipv6 verify unicast reverse-path
ipv6 dhcp client pd mediacom
ipv6 inspect IPv6 out
ipv6 traffic-filter IPv6_In in

interface FastEthernet0/1
ipv6 address mediacom ::1/64
ipv6 enable


ipv6 access-list IPv6_In
permit udp FE80::/64 any eq 546
permit icmp FE80::/64 any router-advertisement
permit icmp FE80::/64 any nd-ns
permit icmp FE80::/64 any nd-na
permit icmp FE80::/64 any mld-report
deny ipv6 any any log

CCNA, A+, HP Certified Professional