Manualshelf

F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
81828384858687888990
80
377BConfiguration considerations
To enable communication between 6to4 networks, configure 6to4 addresses for 6to4 firewalls and hosts
in the 6to4 networks.
The IPv4 address of GigabitEthernet 0/2 on Firewall A is 2.1.1.1/24, and the corresponding 6to4
prefix is 2002: 0201:0101::/48. A ssign interface Tunnel 0 to subnet 2002:0201:0101::/64 and
GigabitEthernet 0/1 to subnet 2002:0201:0101:1::/64.
The IPv4 address of GigabitEthernet 0/2 on Firewall B is 5.1.1.1/24, and the corresponding 6to4
prefix is 2002:0501:0101::/48. Assign interface Tunnel 0 to subnet 2002:0501:0101::/64 and
GigabitEthernet 0/1 to subnet 2002:0501:0101:1::/64.
378BConfiguration procedure
Before configuring a 6to4 tunnel, make sure Firewall A and Firewall B can reach each other through
IPv4.
Configure Firewall A:
# Enable IPv6.
<FirewallA> system-view
[FirewallA] ipv6
# Configure an IPv4 address for GigabitEthernet 0/2.
[FirewallA] interface gigabitethernet 0/2
[FirewallA-GigabitEthernet0/2] ip address 2.1.1.1 24
[FirewallA-GigabitEthernet0/2] quit
# Configure an IPv6 address for GigabitEthernet 0/1.
[FirewallA] interface gigabitethernet 0/1
[FirewallA-GigabitEthernet0/1] ipv6 address 2002:0201:0101:1::1/64
[FirewallA-GigabitEthernet0/1] quit
# Configure the 6to4 tunnel.
[FirewallA] interface tunnel 0
[FirewallA-Tunnel0] ipv6 address 2002:201:101::1/64
[FirewallA-Tunnel0] source gigabitethernet 0/2
[FirewallA-Tunnel0] tunnel-protocol ipv6-ipv4 6to4
[FirewallA-Tunnel0] quit
# Configure a static route whose destination address is 2002::/16 and next-hop is the tunnel
interface.
[FirewallA] ipv6 route-static 2002:: 16 tunnel 0
Configure Firewall B:
# Enable IPv6.
<FirewallB> system-view
[FirewallB] ipv6
# Configure an IPv6 address for GigabitEthernet 0/2.
[FirewallB] interface gigabitethernet 0/2
[FirewallB-GigabitEthernet0/2] ip address 5.1.1.1 24
[FirewallB-GigabitEthernet0/2] quit
# Configure an IPv6 address for GigabitEthernet 0/1.
[FirewallB] interface gigabitethernet 0/1
[FirewallB-GigabitEthernet0/1] ipv6 address 2002:0501:0101:1::1/64
[FirewallB-GigabitEthernet0/1] quit