R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101
67
Figure 61 Network diagram
Configuration procedure
1. Configure Firewall B (the AFT):
# Enable IPv6.
<FirewallB> system-view
[FirewallB] ipv6
# Configure IP addresses for the interfaces and enable AFT on the interfaces.
[FirewallB] interface gigabitethernet 0/1
[FirewallB-GigabitEthernet0/1] ipv6 address 6:0:ff06:606:100::/64
[FirewallB-GigabitEthernet0/1] aft enable
[FirewallB-GigabitEthernet0/1] quit
[FirewallB] interface gigabitethernet 0/2
[FirewallB-GigabitEthernet0/2] ip address 4.4.4.1 24
[FirewallB-GigabitEthernet0/2] aft enable
[FirewallB-GigabitEthernet0/2] quit
# Configure the DNS64 prefix.
[FirewallB] aft prefix-dns64 2000:: 32
# Configure the IVI prefix.
[FirewallB] aft prefix-ivi 6::
2. Configure Firewall A:
# Enable IPv6.
<FirewallA> system-view
[FirewallA] ipv6
# Configure an IPv6 address for interface GigabitEthernet 0/1 on Firewall A.
[FirewallA] interface gigabitethernet 0/1
[FirewallA-GigabitEthernet0/1] ipv6 address 6:0:ff06:606:200::/64
[FirewallA-GigabitEthernet0/1] quit
# Configure a static route to network 2000::/32 (the DNS64 prefix).
[FirewallA] ipv6 route-static 2000:: 32 6:0:ff06:606:100::
3. Configure Firewall C:
# Configure an IP address for interface GigabitEthernet 0/1.
<FirewallC> system-view
[FirewallC] interface gigabitethernet 0/1
[FirewallC-GigabitEthernet0/1] ip address 4.4.4.2 24
[FirewallC-GigabitEthernet0/1] quit
# Configure a static route to the IPv4 network (6.6.6.0/24) embedded in the IVI address.
[FirewallC] ip route-static 6.6.6.0 24 4.4.4.1