Manualshelf

R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
71727374757677787980
64
Configuring a DNS64 prefix
Ste
p
Command Remarks
1. Enter system
view.
system-view N/A
2. Configure a
DNS64 prefix.
aft prefix-dns64 dns64-prefix prefix-length
No DNS64 prefix is configured by
default.
NOTE:
The DNS64 prefix cannot be in the same network segment as the connected IPv6 network.
The DNS64 prefix cannot be the same as the IVI prefix.
Configuring an IVI prefix
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Configure an IVI
prefix.
aft prefix-ivi ivi-prefix
No IVI prefix is configured by
default.
NOTE:
The DNS64 prefix cannot be the same as the IVI prefix.
Configuring a 6to4 AFT policy
When the communication is initiated by an IPv6 host and the address of the IPv6 host is not an IVI
address, the AFT translates the IPv6 address into an IPv4 address based on the 6to4 ATF policy. The
detailed process is described as follows:
If the source IPv6 address of the packet matches the specified IPv6 ACL or the destination IPv6 address
prefix is the same as the specified DNS64 prefix, the AFT translates the source IPv6 address into an IPv4
address in the IPv4 address pool or the IPv4 address of an interface.
The AFT supports the following types of 6to4 AFT policy:
Type 1—IPv6 ACL + address pool
If the source IPv6 address matches the IPv6 ACL, the address is translated into an IPv4 address in the
specified address pool. If the no-pat keyword is specified, only the IP address is translated. If not, both
the IP address and the port number are translated to save the IPv4 addresses in the address pool.
Type 2—IPv6 ACL + interface address
If the source IPv6 address matches the IPv6 ACL, the AFT translates the address into the IPv4 address of
the specified interface. The port number is also translated.
Type 3—DNS64 prefix + address pool
If the prefix of the destination IPv6 address is the DNS64 prefix specified in the policy, the source address
is translated into an IPv4 address in the specified address pool. If the no-pat keyword is specified, only
the IP address is translated. Otherwise, both the IP address and the port number are translated to save
the IPv4 addresses in the address pool.