Manualshelf

R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
71727374757677787980
65
Type 4—DNS64 prefix + interface address
If the prefix of the destination IPv6 address is the DNS64 prefix specified in the policy, AFT translates the
source address into the IPv4 address of the specified interface. The port number is also translated.
To configure the 6to4 AFT policy:
Ste
p
Command
Remarks
1. Enter system view. system-view N/A
2. Configure an AFT IPv4
address pool.
aft address-group group-number start-ipv4-address
end-ipv4-address
Required for type 1
and type 3.
Ignored for type 2
and type 4.
3. Configure the AFT
policy.
Configure the AFT policy (IPv6 ACL + address pool):
aft v6tov4 acl6 number acl6-number address-group
group-number [ no-pat ]
Configure the AFT policy (IPv6 ACL + interface
address):
aft v6tov4 acl6 number acl6-number interface
interface-type interface-number
Configure the AFT policy (DNS64 prefix + address
pool):
aft v6tov4 prefix-dns64 dns64-prefix prefix-length
address-group group-number [ no-pat ]
Configure the AFT policy (DNS64 prefix + interface
address):
aft v6tov4 prefix-dns64 dns64-prefix prefix-length
interface interface-type interface-number
Configure one of the
commands.
NOTE:
The AFT address pool contains a ran
g
e of continuous IPv4 addresses. When the AFT policy is type 1 or
type 3, the AFT choose an IPv4 address from the address pool as the translated IPv4 address.
The DNS64 prefix must be configured with the aft prefix-dns64 command.
For more information about ACL, see
Access Control Configuration Guide
.
Configuring 4to6 AFT policies
When the communication is initiated by an IPv4 host, the source and destination IPv4 addresses are
translated into IPv6 addresses based on two 4to6 AFT policies.
One 4to6 AFT policy is used for source address translation, and the other is for destination address
translation.
Policy for the source IPv4 address translation: If the packet matches the specified ACL, the AFT
translates the source address into an IPv6 address by using the specified DNS64 prefix. If not, the
AFT translates the address into an IPv6 address by using the first configured DNS64 prefix.
Policy for destination IPv4 address translation: If the destination IPv4 address matches the specified
ACL, the AFT translates the address into an IPv6 address by using the specified IVI prefix. If not, the
address is not translated.
To configure 4to6 AFT policy: