Manualshelf

R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
111112113114115116117118119120
108
Figure 78 Network diagram
Configuration procedure
NOTE:
Before configuring a DS-lite tunnel, make sure that Firewall A and Firewall B are reachable to each
other.
In this example, Firewall A and Firewall C are in the same network segment. Otherwise, you must deplo
y
a DHCPv6 relay agent between them. DHCPv6 relay agent is beyond the scope of this document. For
more information about DHCPv6, see
Network Management Configuration Guide
.
Configure Firewall A (the CPE):
# Enable IPv6.
<FirewallA> system-view
[FirewallA] ipv6
# Configure an IPv4 address for interface GigabitEthernet 0/1.
[FirewallA] interface gigabitethernet 0/1
[FirewallA-GigabitEthernet0/1] ip address 10.0.0.2 255.255.255.0
[FirewallA-GigabitEthernet0/1] quit
# Configure an IPv6 address for interface GigabitEthernet 0/2 (the physical interface of the
tunnel).
[FirewallA] interface gigabitethernet 0/2
[FirewallA- GigabitEthernet0/2] ipv6 address 1::1 64
[FirewallA- GigabitEthernet0/2] quit
# Create interface Tunnel 1.
[FirewallA] interface tunnel 1
# Configure an IPv4 address for interface Tunnel 1.
[FirewallA-Tunnel1] ip address 30.1.2.1 255.255.255.0
# Specify the tunnel encapsulation mode.
[FirewallA-Tunnel1] tunnel-protocol ipv4-ipv6 dslite-cpe
# Configure a source interface for Tunnel 1
[FirewallA-Tunnel1] source gigabitethernet 0/2
[FirewallA-Tunnel1] quit
# Configure a static route to the public IPv4 network.
[FirewallA] ip route-static 20.1.1.0 255.255.255.0 tunnel 1
Configure Firewall B (the AFTR):