F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

AFT modes ··························································································································································· 391

AFT operation ······················································································································································ 392

DNS64 function ··················································································································································· 394

AFT limitations ······················································································································································ 394

Protocols and standards ····································································································································· 394

AFT configuration task list ··········································································································································· 395

When communication is initiated by an IPv6 host··························································································· 395

When communication is initiated by an IPv4 host··························································································· 395

Configuration prerequisites ········································································································································· 395

Enabling AFT ································································································································································ 395

Configuring a DNS64 prefix ······································································································································ 396

Configuring an IVI prefix ············································································································································· 396

Configuring a 6to4 AFT policy ··································································································································· 396

Configuring 4to6 AFT policies ···································································································································· 397

Displaying and maintaining AFT ································································································································ 398

AFT configuration examples ······································································································································· 399

An IPv6 host with an IVI address initiates communication with an IPv4 host ··············································· 399

An IPv4 host initiates communication with an IPv6 host ················································································· 400

Configure the DNS64 function of AFT ·············································································································· 402

Troubleshooting AFT ···················································································································································· 405

Symptom 1 ··························································································································································· 405

Solution ································································································································································· 405

Symptom 2 ··························································································································································· 405

Configuring DVPN ·················································································································································· 407

Feature and hardware compatibility ·························································································································· 407

Overview ······································································································································································· 407

Basic concepts ····················································································································································· 407

How DVPN operates ··········································································································································· 408

Network structures ··············································································································································· 408

DVPN implementation ········································································································································· 409

Supported DVPN features··································································································································· 412

Configuring DVPN in the Web interface ··················································································································· 413

Recommended configuration procedure ··········································································································· 413

Configuring a VPN domain ······························································································································· 414

Configuring an ISP domain ································································································································ 417

Displaying VAM client information ··················································································································· 419

Configuring DVPN tunnels ································································································································· 419

Displaying DVPN session information ··············································································································· 426

Full mesh DVPN configuration example ··········································································································· 428

Hub-Spoke DVPN configuration example ········································································································· 644H443

303HConfiguring DVPN at the CLI ······································································································································ 645H455

304HDVPN configuration task list ······························································································································· 646H455

305HConfiguring AAA ················································································································································· 647H455

306HConfiguring the VAM server ······························································································································ 648H455

307HConfiguring a VAM client ·································································································································· 649H458

308HConfiguring an IPsec profile ······························································································································· 650H461

309HConfiguring DVPN tunnel parameters ··············································································································· 651H462

310HConfiguring routing ············································································································································· 652H464

311HDisplaying and maintaining DVPN ··················································································································· 653H465

312HFull mesh DVPN configuration example ··········································································································· 654H465

313HHub-spoke DVPN configuration example ········································································································· 655H479