R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101
109
# Enable IPv6.
<FirewallB> system-view
[FirewallB] ipv6
# Configure an IPv6 address for interface GigabitEthernet 0/1 (the physical interface of the
tunnel).
[FirewallB] interface gigabitethernet 0/1
[FirewallB-GigabitEthernet0/1] ipv6 address 1::2 64
[FirewallB-GigabitEthernet0/1] quit
# Configure an IPv4 address for interface GigabitEthernet 0/2.
[FirewallB] interface gigabitethernet 0/2
[FirewallB- GigabitEthernet0/2] ip address 20.1.1.1 24
[FirewallB- GigabitEthernet0/2] quit
# Create interface Tunnel 2.
[FirewallB] interface tunnel 2
# Configure an IPv4 address for interface Tunnel 2.
[FirewallB-Tunnel2] ip address 30.1.2.2 255.255.255.0
# Specify the tunnel encapsulation mode.
[FirewallB-Tunnel2] tunnel-protocol ipv4-ipv6 dslite-aftr
# Configure the source interface for interface Tunnel 2.
[FirewallB-Tunnel2] source gigabitethernet 0/1
[FirewallB-Tunnel2] quit
# Configure NAT and use the IP address of interface GigabitEthernet 0/2 as the translated IP
address.
[FirewallB] acl number 2000
[FirewallB-acl-basic-2000] rule permit source 10.0.0.0 0.0.0.255
[FirewallB-acl-basic-2000] quit
[FirewallB] interface gigabitethernet 0/2
[FirewallB-GigabitEthernet0/2] nat outbound 2000
[FirewallB-GigabitEthernet0/2] quit
• Configure Firewall C (the DHCPv6 server):
# Enable IPv6.
<FirewallC> system-view
[FirewallC] ipv6
# Enable DHCPv6.
[FirewallC] ipv6 dhcp server enable
# Create address pool 1 and specify the address of the AFTR (1::2).
[FirewallC] ipv6 dhcp pool 1
[FirewallC-dhcp6-pool-1] ds-lite address 1::2
[FirewallC-dhcp6-pool-1] quit
# Configure the IPv6 address of interface GigabitEthernet 0/1.
[FirewallC] interface gigabitethernet 0/1
[FirewallC-GigabitEthernet0/1] ipv6 address 1::3 64
# Apply address pool 1 to the interface.
[FirewallC-GigabitEthernet0/1] ipv6 dhcp server apply pool 1