F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100
Configuration procedure
Make sure Firewall A and Firewall B can reach each other through IPv4.
The configuration on a 6to4 relay firewall is similar to that on a 6to4 firewall. However, to enable
communication between the 6to4 network and the IPv6 network, you must configure a route to the IPv6
network on the 6to4 firewall.
• Configure Firewall A:
# Enable IPv6.
<FirewallA> system-view
[FirewallA] ipv6
# Configure an IPv4 address for GigabitEthernet 0/2.
[FirewallA] interface gigabitethernet 0/2
[FirewallA-GigabitEthernet0/2] ip address 2.1.1.1 255.255.255.0
[FirewallA-GigabitEthernet0/2] quit
# Configure an IPv6 address for GigabitEthernet 0/1.
[FirewallA] interface gigabitethernet 0/1
[FirewallA-GigabitEthernet0/1] ipv6 address 2002:0201:0101:1::1/64
[FirewallA-GigabitEthernet0/1] quit
# Configure a 6to4 tunnel.
[FirewallA] interface tunnel 0
[FirewallA-Tunnel0] ipv6 address 2002:0201:0101::1/64
[FirewallA-Tunnel0] source gigabitethernet 0/2
[FirewallA-Tunnel0] tunnel-protocol ipv6-ipv4 6to4
[FirewallA-Tunnel0] quit
# Configure a static route to the 6to4 relay firewall.
[FirewallA] ipv6 route-static 2002:0601:0101:: 64 tunnel 0
# Configure the default route to the IPv6-only network.
[FirewallA] ipv6 route-static :: 0 2002:0601:0101::1
• Configure Firewall B:
# Enable IPv6.
<FirewallB> system-view
[FirewallB] ipv6
# Configure an IPv4 address for GigabitEthernet 0/2.
[FirewallB] interface gigabitethernet 0/2
[FirewallB-GigabitEthernet0/2] ip address 6.1.1.1 255.255.255.0
[FirewallB-GigabitEthernet0/2] quit
# Configure an IPv6 address for GigabitEthernet 0/1.
[FirewallB] interface gigabitethernet 0/1
[FirewallB-GigabitEthernet0/1] ipv6 address 2001::1/16
[FirewallB-GigabitEthernet0/1] quit
# Configure a 6to4 tunnel.
[FirewallB] interface tunnel 0
[FirewallB-Tunnel0] ipv6 address 2002:0601:0101::1/64
[FirewallB-Tunnel0] source gigabitethernet 0/2
[FirewallB-Tunnel0] tunnel-protocol ipv6-ipv4 6to4
[FirewallB-Tunnel0] quit
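
The 6to4 addresses above embed the IPv4 address of the tunnel source interface: 2.1.1.1 gives the prefix 2002:0201:0101::/48 and 6.1.1.1 gives 2002:0601:0101::/48. The following Python check is an added example, not part of the HP guide; it parses a pasted command listing and reports any 2002::/16 address that does not match the tunnel source. The function names and the faulty sample are constructed for illustration.

```python
import ipaddress
import re

SIXTOFOUR = ipaddress.IPv6Network("2002::/16")

def sixtofour_prefix(ipv4):
    """2002:V4ADDR::/48 prefix that 6to4 derives from an IPv4 address."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))

def audit(config):
    """Return findings for 2002::/16 addresses that do not match the tunnel source."""
    iface, source, v4_by_iface, v6_addrs = None, None, {}, []
    for line in config.splitlines():
        cmd = line.split("]", 1)[-1].strip().lower()  # drop the [prompt]
        if m := re.match(r"interface (.+)", cmd):
            iface = m.group(1).replace(" ", "")
        elif m := re.match(r"ip address (\S+)", cmd):
            v4_by_iface[iface] = m.group(1)
        elif m := re.match(r"ipv6 address ([0-9a-f:]+)/\d+", cmd):
            v6_addrs.append((iface, ipaddress.IPv6Address(m.group(1))))
        elif m := re.match(r"source (.+)", cmd):
            source = m.group(1).replace(" ", "")
    if source not in v4_by_iface:
        return [f"tunnel source {source} has no IPv4 address configured"]
    expected = sixtofour_prefix(v4_by_iface[source])
    # Native IPv6 addresses (outside 2002::/16) are not derived and are skipped.
    return [f"{name}: {addr} is outside {expected}"
            for name, addr in v6_addrs
            if addr in SIXTOFOUR and addr not in expected]

# Firewall A commands as given in this section.
FIREWALL_A = """\
[FirewallA] interface gigabitethernet 0/2
[FirewallA-GigabitEthernet0/2] ip address 2.1.1.1 255.255.255.0
[FirewallA] interface gigabitethernet 0/1
[FirewallA-GigabitEthernet0/1] ipv6 address 2002:0201:0101:1::1/64
[FirewallA] interface tunnel 0
[FirewallA-Tunnel0] ipv6 address 2002:0201:0101::1/64
[FirewallA-Tunnel0] source gigabitethernet 0/2
"""
# Constructed faulty variant: Firewall B's tunnel address pasted onto Firewall A.
FIREWALL_A_BAD = FIREWALL_A.replace("address 2002:0201:0101::1/64",
                                    "address 2002:0601:0101::1/64")

if __name__ == "__main__":
    print(sixtofour_prefix("2.1.1.1"))
    print(audit(FIREWALL_A))
    print(audit(FIREWALL_A_BAD))
```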