Manualshelf

R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
71727374757677787980
66
Ste
p
Command
Remarks
1. Enter system view. system-view N/A
2. Configure the 4to6 AFT policy for
source address translation.
aft v4tov6 acl number acl-number
prefix-dns64 dns64-prefix prefix-length
Optional.
3. Configure the 4to6 AFT policy for
destination address translation.
aft v4tov6 acl number acl-number prefix-ivi
ivi-prefix
N/A
NOTE:
The DNS64 and IVI prefixes must be those configured by the aft prefix-dns64 and aft prefix-ivi
commands.
With the DNS64 function, the AFT translates the IPv4 address resolved by the DNS server into an IPv6
address by using the DNS64 prefix specified in the 4to6 AFT policy for source address translation.
The ACL specified in the aft v4tov6 acl number prefix-ivi command must be configured to check the
destination addresses of packets.
For more information about ACL, see
Access Control Configuration Guide
.
Displaying and maintaining AFT
Task Command
Remarks
Display all AFT related
information.
display aft all [ | { begin | exclude | include }
regular-expression ]
Available in any view
Display AFT address pool
configuration information.
display aft address-group [ | { begin |
exclude | include } regular-expression ]
Available in any view
Display AFT address mappings
information.
display aft address-mapping [ | { begin |
exclude | include } regular-expression ]
Available in any view
Display AFT statistics.
display aft statistics [ | { begin | exclude |
include } regular-expression ]
Available in any view
Clear all AFT statistics. reset aft statistics Available in user view
AFT configuration examples
An IPv6 host with an IVI address initiates communication with
an IPv4 host
Network requirements
As shown in Figure 61, Firewall A is in an IPv6 network and has an address of 6:0:ff06:606:200::, and
Firewall C is in an IPv4 network and has an address of 4.4.4.2. Firewall A wishes to communicate with
Firewall C.
The IPv6 address of Firewall A is an IVI address. For Firewall A to communicate with Firewall C, enable
AFT and configure DNS64 and IVI prefixes on Firewall B.