F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100
81
# Configure a 6to4 tunnel.
[FirewallB] interface tunnel 0
[FirewallB-Tunnel0] ipv6 address 2002:0501:0101::1/64
[FirewallB-Tunnel0] source gigabitethernet 0/2
[FirewallB-Tunnel0] tunnel-protocol ipv6-ipv4 6to4
[FirewallB-Tunnel0] quit
# Configure a static route whose destination address is 2002::/16 and next-hop is the tunnel
interface.
[FirewallB] ipv6 route-static 2002:: 16 tunnel 0
379BVerifying the configuration
# Ping either host from the other, and the ping operation succeeds.
D:\>ping6 -s 2002:201:101:1::2 2002:501:101:1::2
Pinging 2002:501:101:1::2
from 2002:201:101:1::2 with 32 bytes of data:
Reply from 2002:501:101:1::2: bytes=32 time=13ms
Reply from 2002:501:101:1::2: bytes=32 time=1ms
Reply from 2002:501:101:1::2: bytes=32 time=1ms
Reply from 2002:501:101:1::2: bytes=32 time<1ms
Ping statistics for 2002:501:101:1::2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 13ms, Average = 3ms
142B6to4 relay configuration example
380BNetwork requirements
As shown in 716HFigure 67, Firewall A is a 6to4 firewall, and 6to4 addresses are used on the connected IPv6
network. Firewall B serves as a 6to4 relay firewall and is connected to an IPv6 network (2001::/16).
Configure a 6to4 tunnel between Firewall A and Firewall B to make Host A and Host B reachable to each
other.
Figure 67 Network diagram
GE0/2
2.1.1.1/24
GE0/2
6.1.1.1/24
GE0/1
2002:0201:0101:1::1/64
GE0/1
2001::1/64
Firewall A
Firewall B
6to4 firewall
Host A
2002:0201:0101:1::2/64
Host B
2001::2/64
6to4 network
IPv4 netwok
6to4 relay
IPv6 network
6to4 tunnel
Tunnel 0
2002:0201:0101::1/64
Tunnel 0
2002:0601:0101::1/64