R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101
75
Configuring tunneling
Overview
Tunneling is an encapsulation technology. It uses one network protocol to encapsulate packets of another
network protocol and transfer them over a virtual point-to-point connection. The virtual connection is
called a tunnel. Packets are encapsulated and de-encapsulated at both ends of a tunnel. Tunneling refers
to the whole process from data encapsulation to data transfer to data de-encapsulation.
Tunneling provides the following features:
• Transition techniques, such as IPv6 over IPv4 tunneling, to interconnect IPv4 and IPv6 networks.
• Virtual private networks (VPNs) for guaranteeing communication security, such as IPv4 over IPv4
tunneling, IPv4/IPv6 over IPv6 tunneling, Generic Routing Encapsulation (GRE), and IPsec
tunneling.
Unless otherwise specified, the term "tunnel" used throughout this chapter refers to an IPv6 over IPv4,
IPv4 over IPv4, IPv4 over IPv6, or IPv6 over IPv6 tunnel.
NOTE:
• For more information about GRE, see "Configuring GRE."
• For more information about IPsec, see "Configuring IPsec."
IPv6 over IPv4 tunnels
Implementation
IPv6 over IPv4 tunneling adds an IPv4 header to IPv6 data packets so that IPv6 packets can pass an IPv4
network through a tunnel to realize internetworking between isolated IPv6 networks, as shown in Figure
64. T
he IPv6 over IPv4 tunnel can be established between two hosts, a host and a device, or two devices.
The tunnel destination node can forward IPv6 packets if it is not the destination of the IPv6 packets.
NOTE:
The devices at both ends of an IPv6 over IPv4 tunnel must support the IPv4/IPv6 dual stack.
Figure 64 IPv6 over IPv4 tunnel