Manualshelf

R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
71727374757677787980
70
[FirewallC] interface gigabitethernet 0/1
[FirewallC-GigabitEthernet0/1] ip address 4.4.4.2 24
[FirewallC-GigabitEthernet0/1] quit
# Configure a static route to the IPv4 network (6.6.6.0/24) embedded in the IVI address.
[FirewallC] ip route-static 6.6.6.0 24 4.4.4.1
Verifying the configuration
Execute the ping 6.6.6.2 command on Firewall C. The ping operation should be successful.
# Execute the display session table verbose command on Firewall B to display the established sessions.
[FirewallB] display session table verbose
Initiator:
Source IP/Port : 4.4.4.2/2048
Dest IP/Port : 6.6.6.2/1
VPN-Instance/VLAN ID/VLL ID:
Responder:
Source IP/Port : 0006:0:ff06:0606:0200::/33024
Dest IP/Port : 2000:0:0404:0402::/1
VPN-Instance/VLAN ID/VLL ID:
Pro: ICMP(1) App: unknown State: ICMP-CLOSED
Start time: 2010-12-21 16:27:00 TTL: 23s
Root Zone(in): Management
Zone(out):
Received packet(s)(Init): 5 packet(s) 420 byte(s)
Received packet(s)(Reply): 5 packet(s) 520 byte(s)
Total find: 1
Configuring the DNS64 function of AFT
Network requirements
Firewall C is in an IPv4 network and has an IPv4 address of 4.4.4.2 and a domain name of
FirewallC.com.
Firewall A is in an IPv6 network and has an IPv6 address of 6::2.
The DNS server is in the IPv4 network and has an address of 3.3.3.5. The DNS server has the
mapping between FirewallC.com and 4.4.4.2.
Firewall A wishes to visit Firewall C through domain name FirewallC.com.
To meet the requirements, perform the following configurations:
On Firewall B, enable AFT, and configure a DNS64 prefix and a 6to4 AFT policy because the
address of Firewall A is not an IVI address.
Enable dynamic domain name resolution on Firewall A and specify the IPv6 address of the DNS
server (2000:0:303:305::, which is translated from IPv4 address 3.3.3.5).