Manualshelf

HP VPN Firewall Appliances VPN Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
101102103104105106107108109110
95
# Configure an IPv6 address for interface GigabitEthernet 0/2, which is the physical interface of
the tunnel.
[FirewallA] interface GigabitEthernet0/2
[FirewallA- GigabitEthernet0/2] ipv6 address 1::1 64
[FirewallA- GigabitEthernet0/2] quit
# Create interface Tunnel 1.
[FirewallA] interface tunnel 1
# Configure an IPv4 address for interface Tunnel 1.
[FirewallA-Tunnel1] ip address 30.1.2.1 255.255.255.0
# Specify the tunnel encapsulation mode as IPv4 over IPv6.
[FirewallA-Tunnel1] tunnel-protocol ipv4-ipv6 dslite-cpe
# Configure a source interface for Tunnel 1
[FirewallA-Tunnel1] source gigabitethernet 0/2
[FirewallA-Tunnel1] quit
# Configure a static route to the public IPv4 network.
[FirewallA] ip route-static 20.1.1.0 255.255.255.0 tunnel 1
Configure Firewall B (the AFTR):
# Enable IPv6.
<FirewallB> system-view
[FirewallB] ipv6
# Configure an IPv6 address for interface GigabitEthernet 0/1, which is the physical interface of
the tunnel.
[FirewallB] interface gigabitethernet 0/1
[FirewallB-GigabitEthernet0/1] ipv6 address 1::2 64
[FirewallB-GigabitEthernet0/1] quit
# Configure an IPv4 address for interface GigabitEthernet 0/2.
[FirewallB] interface gigabitethernet 0/2
[FirewallB-GigabitEthernet0/2] ip address 20.1.1.1 24
[FirewallB-GigabitEthernet0/2] quit
# Create interface Tunnel 2.
[FirewallB] interface tunnel 2
# Configure an IPv4 address for interface Tunnel 2.
[FirewallB-Tunnel2] ip address 30.1.2.2 255.255.255.0
# Specify the tunnel encapsulation mode as IPv4 over IPv6.
[FirewallB-Tunnel2] tunnel-protocol ipv4-ipv6 dslite-aftr
# Configure the source interface for interface Tunnel 2.
[FirewallB-Tunnel2] source gigabitethernet 0/1
[FirewallB-Tunnel2] quit
# Configure NAT and use the IP address of interface GigabitEthernet 0/2 as the translated IP
address.
[FirewallB] acl number 2000
[FirewallB-acl-basic-2000] rule permit source 10.0.0.0 0.0.0.255
[FirewallB-acl-basic-2000] quit
[FirewallB] interface gigabitethernet 0/2
[FirewallB-GigabitEthernet0/2] nat outbound 2000