F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

401

402

403

404

405

406

407

408

409

410

397

• Type 3—Associate a DNS64 prefix with an address pool

If the prefix of the destination IPv6 address is the DNS64 prefix specified in the policy, the source

address is translated into an IPv4 address in the address pool associated with the DNS64 prefix.

If the no-pat keyword is specified, only the IP address is translated. Otherwise, both the IP address

and the port number are translated to save the IPv4 addresses in the address pool.

• Type 4—Associate a DNS64 prefix with an interface address

If the prefix of the destination IPv6 address is the DNS64 prefix specified in the policy, AFT

translates the source address into the IPv4 address of the interface associated with the DNS64

prefix. The port number is also translated.

The AFT address pool contains a range of continuous IPv4 addresses. When the AFT policy is type 1 or

type 3, the AFT chooses an IPv4 address from the address pool as the translated IPv4 address.

Configure the DNS64 prefix by using the aft prefix-dns64 command.

To configure the 6to4 AFT policy:

Ste

Command

Remarks

1. Enter system view. system-view N/A

2. Configure an AFT IPv4

address pool.

aft address-group group-number

start-ipv4-address end-ipv4-address

Required for type 1

and type 3.

Ignored for type 2

and type 4.

3. Configure the 6to4 AFT

policy.

• Associate an IPv6 ACL with an address pool:

aft v6tov4 acl6 number acl6-number

address-group group-number [ no-pat ]

• Associate an IPv6 ACL with an interface

address:

aft v6tov4 acl6 number acl6-number interface

interface-type interface-number

• Associate a DNS64 prefix with an address

pool:

aft v6tov4 prefix-dns64 dns64-prefix

prefix-length address-group group-number

[ no-pat ]

• Associate a DNS64 prefix with an interface

address:

aft v6tov4 prefix-dns64 dns64-prefix

prefix-length interface interface-type

interface-number

Configure one of

them.

81B

Configuring 4to6 AFT policies

When the communication is initiated by an IPv4 host, the source and destination IPv4 addresses are

translated into IPv6 addresses based on two 4to6 AFT policies.

One 4to6 AFT policy is used for source address translation, and the other is for destination address

translation.

• Policy for the source IPv4 address translation—If the packet matches the specified ACL, the AFT

translates the source address into an IPv6 address by using the specified DNS64 prefix. If not, the