Manualshelf

R3721-F3210-F3171-HP High-End Firewalls VPN Command Reference-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
21222324252627282930
16
Use undo aft v4tov6 to delete a specified AFT policy.
NOTE:
The DNS64 and IVI prefixes must be those configured through the aft prefix-dns64 and aft prefix-ivi
commands.
The ACL specified in the aft v4tov6 acl number prefix-ivi command must be configured to check the
destination addresses of packets.
Different AFT policies cannot reference the same ACL.
Related commands: display aft all.
Examples
# Configure a 4to6 AFT policy so that: If a packet matches ACL 2000, translate the source IPv4 address
into an IPv6 address using the DNS64 prefix 2000::/32; if a packet matches ACL 3000, translate the
destination IPv4 address into an IPv6 address using the IVI prefix 3000::.
<Sysname> system-view
[Sysname] aft prefix-dns64 2000:: 32
[Sysname] aft prefix-ivi 3000::
[Sysname] aft v4tov6 acl number 2000 prefix-dns64 2000:: 32
[Sysname] aft v4tov6 acl number 3000 prefix-ivi 3000::
aft v6tov4
Syntax
aft v6tov4 { acl6 number acl6-number | prefix-dns64 dns64-prefix prefix-length } { address-group
group-number [ no-pat ] | interface interface-type interface-number }
undo aft v6tov4 { acl6 number acl6-number | prefix-dns64 dns64-prefix prefix-length }
View
System view
Default Level
2: System level
Parameters
acl6 number acl6-number: Specifies the number of an IPv6 ACL in the range of 2000 to 3999. If the
source IPv6 address of a packet matches the specified IPv6 ACL, the source IPv6 address is translated
into an IPv4 address accordingly.
prefix-dns64 dns64-prefix prefix-length: Specifies the DNS64 prefix. If the destination address of a
packet from an IPv6 network to an IPv4 network contains the specified DNS64 prefix, the AFT translates
the source IPv6 address into an IPv4 address. The dns64-prefix argument represents the DNS64 prefix,
and the prefix-length argument represents the prefix length, which can be 32, 40, 48, 56, 64, or 96 bits.
address-group group-number: Specifies the IPv4 address group for address translation. The AFT
translates the source IPv6 addresses into IPv4 addresses in this pool. The address-group argument
represents the address pool number, which ranges from 1 to 32.
no-pat: Disables port number translation. If the no-pat keyword is not provided, port number translation
is also performed.