HP VPN Firewall Appliances VPN Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

101

102

103

104

105

106

107

108

109

110

Ste

Command

Remarks

5. Specify the DS-Lite AFTR tunnel

mode.

tunnel-protocol ipv4-ipv6

dslite-aftr

The default tunnel mode is GRE over

IPv4 mode.

The tunnel mode at the other end of

the tunnel should be DS-Lite CPE.

Otherwise, packet delivery fails.

6. Configure the source address

or interface for the tunnel

interface.

source { ipv6-address |

interface-type

interface-number }

By default, no source address or

interface is configured for the tunnel.

Configuration example

Network requirements

As shown in Figure 71, a private IPv4 network and a public IPv4 network are separated by an IPv6

network.

Build a DS-Lite tunnel between CPE (Firewall A) and AFTR (Firewall B) and configure NAT on AFTR's

interface connecting to the public IPv4 network, so that hosts in the private IPv4 network can access the

public IPv4 network and hosts from different private IPv4 networks can use the same IPv4 addresses.

In the IPv6 network, deploy a DHCPv6 server (Firewall C) for CPE to obtain AFTR's IPv6 address.

Figure 71 Network diagram

Configuration procedure

Before you configure a DS-Lite tunnel, make sure Firewall A and Firewall B are reachable to each other.

In this example, Firewall A and Firewall C are in the same network segment. Otherwise, you must deploy

a DHCPv6 relay agent between them. DHCPv6 relay agent is beyond the scope of this document. For

more information about DHCPv6, see Network Management Configuration Guide.

• Configure Firewall A (the CPE):

# Enable IPv6.

<FirewallA> system-view

[FirewallA] ipv6

# Configure an IPv4 address for interface GigabitEthernet 0/1.

[FirewallA] interface gigabitethernet 0/1

[FirewallA-GigabitEthernet0/1] ip address 10.0.0.2 255.255.255.0

[FirewallA-GigabitEthernet0/1] quit