F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100
60
3BConfiguring tunneling
The term "router" in this document refers to both routers and routing-capable firewalls and UTM devices.
Tunneling can be configured only at the CLI.
22B
Overview
Tunneling is an encapsulation technology. One network protocol encapsulates packets of another
network protocol and transfers them over a virtual point-to-point connection. The virtual connection is
called a tunnel. Packets are encapsulated at the tunnel source end and de-encapsulated at the tunnel
destination end. Tunneling refers to the whole process from data encapsulation to data transfer to data
de-encapsulation.
Tunneling supports the following technologies:
• Transition techniques, such as IPv6 over IPv4 tunneling, to interconnect IPv4 and IPv6 networks.
• Virtual Private Network (VPN) such as IPv4 over IPv4 tunneling, IPv4/IPv6 over IPv6 tunneling,
Generic Routing Encapsulation (GRE), Dynamic Virtual Private Network (DVPN), and IPsec
tunneling.
Unless otherwise specified, the term tunnel in this document refers to IPv6 over IPv4, IPv4 over IPv4, IPv4
over IPv6, and IPv6 over IPv6 tunnels.
For more information about GRE, see "Configuring GRE."
For more information about DVPN, see "Configuring DVPN."
For more information about IPsec, see "Configuring IPsec."
122BIPv6 over IPv4 tunneling
The following matrix shows the feature and hardware compatibility:
Hardware IPv6 over IPv4 tunnelin
g
com
p
atible
F1000-A-EI/F1000-S-EI Yes
F1000-E Yes
F5000 Yes
Firewall module Yes
U200-A Yes
U200-S No
366BImplementation
IPv6 over IPv4 tunneling adds an IPv4 header to IPv6 packets so that IPv6 packets can pass an IPv4
network through a tunnel to realize interworking between isolated IPv6 networks, as shown in
695HFigure 56.
The devices at the ends of an IPv6 over IPv4 tunnel must support the IPv4/IPv6 dual stack.