Manualshelf

HP VPN Firewall Appliances VPN Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
101102103104105106107108109110
93
the address of the AFTR through DHCPv6 and uses the address as the destination address of the
tunnel.
To configure the CPE of a DS-Lite tunnel:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enable IPv6.
ipv6 No enabled by default.
3. Enter tunnel interface view.
interface tunnel number N/A
4. Configure an IPv4 address
for the tunnel interface.
ip address ip-address { mask |
mask-length } [ sub ]
By default, no IPv4 address is
configured for the tunnel interface.
5. Specify the DS-Lite- CPE
tunnel mode.
tunnel-protocol ipv4-ipv6
dslite-cpe
The default tunnel mode is GRE over
IPv4 mode.
The tunnel mode at the other end of
the tunnel should be DS-Lite AFTR.
Otherwise, packet delivery fails.
6. Configure the source
interface for the tunnel
interface.
source interface-type
interface-number
By default, no source interface is
configured for the tunnel.
Configuring the AFTR of a tunnel
Follow these guidelines when you configure the AFTR of a DS-Lite tunnel:
Tunnel interfaces using the same encapsulation protocol must have different source and destination
addresses.
If you configure the source interface for the tunnel, the primary IP address of the source interface is
the source address of the tunnel.
Configuring a destination address on the AFTR is unnecessary. When receiving a packet from the
tunnel, the AFTR records the source IPv6 address of the packet and uses it as the IPv6 address of the
tunnel destination (address of the CPE).
Enable NAT on the AFTR's interface which is connected to the Internet. AFTR does not support static
NAT mappings or VPN instance matching. If an ACL rule includes a VPN instance, the rule does not
take effect.
A CPE tunnel interface can establish tunnel with only one AFTR tunnel interface, but an AFTR tunnel
interface can establish tunnels with multiple CPE tunnel interfaces.
To configure the AFTR of a DS-Lite tunnel:
Ste
p
Command
Remarks
1. Enter system view.
system-view
N/A
2. Enable IPv6.
ipv6
By default, the IPv6 packet
forwarding function is disabled.
3. Enter tunnel interface view.
interface tunnel number N/A
4. Configure an IPv4 address for
the tunnel interface.
ip address ip-address { mask |
mask-length } [ sub ]
By default, no IPv4 address is
configured for the tunnel interface.