HP VPN Firewall Appliances VPN Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

391

392

393

394

395

396

397

398

399

400

386

5. Translates and forwards the response packet. Upon receiving a response from the IPv4 host, the

AFT replaces the IPv4 addresses in the packet header with IPv6 addresses based on the recorded

address mappings and forwards the packet to the IPv6 host.

To view the address mappings, use the display session table command. For more information about this

command, see Security Configuration Guide.

Communication initiated by an IPv4 host

Figure 303 shows the AFT process when communication is initiated by an IPv4 host.

Figure 303 Communication initiated by an IPv4 host

AFT operates as follows:

1. Determines whether address translation is needed. If the destination IPv4 address of the packet

matches the configured AFT policy for 4to6 destination address translation, address translation is

needed.

2. Translates the source IP address. If the packet matches the AFT policy for 4to6 source address

translation, the AFT adds the DNS64 prefix referenced by the policy to the address to translate it

into an IPv6 address. If not, the AFT adds the first configured DNS64 prefix to the address to

translate it into an IPv6 address.

3. Translates the destination address. If the destination IPv4 address of the packet matches the AFT

policy for 4to6 destination address translation, the AFT adds the IVI prefix referenced by the 4to6

AFT policy to the IPv4 destination address to translate it into an IPv6 address.

4. Forwards the packet and records the mappings. The AFT performs protocol translation such as

changing the IPv4 header to the IPv6 header, forwards the packet, and records the IPv4-IPv6

mappings.

5. Translate and forwards the response packet. Upon receiving a response from the IPv6 host, the

AFT replaces the IPv6 addresses in the packet header with IPv4 addresses based on the recorded

address mappings and forwards the packet to the IPv4 host.

To view the address mappings, use the display session table command. For more information about this

command, see Security Configuration Guide.

IPv6

host IPv4 host

AFT

Dst : 2000:0: 101: 101::

Src : 3000:0:FF02:

202

200

IPv6 addr: 3000:0:FF02:202:200::

Embedded IPv4 addr: 2.2.2.2

IPv4 addr: 1.1.1.1

Translated IPv6 addr: 2000:0:101:101::

DNS64 prefix: 2000::/32

IVI prefix: 3000::/32

Dst : 1.1.1.1

Src : 2.2.2.2

Dst: 2.2.2.2

Src: 1.1.1.1 1

Dst : 3000:0: FF02: 202:200::

Src : 2000:0: 101:101::

Translates addresses based

on v4tov6 AFT policy

Translates addresses based

on the recorded mappings