HP VPN Firewall Appliances VPN Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

391

392

393

394

395

396

397

398

399

400

389

• The DNS64 prefix cannot be the same as the IVI prefix.

To configure a DNS64 prefix:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Configure a DNS64

prefix.

aft prefix-dns64 dns64-prefix

prefix-length

No DNS64 prefix is configured by

default.

Repeat the command to configure

multiple DNS64 prefixes.

Configuring an IVI prefix

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Configure an IVI prefix.

aft prefix-ivi ivi-prefix

No IVI prefix is configured by default.

The DNS64 prefix cannot be the

same as the IVI prefix.

Repeat this command to configure

multiple IVI prefixes.

Configuring a 6to4 AFT policy

When the communication is initiated by an IPv6 host and the address of the IPv6 host is not an IVI

address, the AFT translates the IPv6 address into an IPv4 address based on the 6to4 ATF policy. The

detailed process is described as follows:

If the source IPv6 address of the packet matches the specified IPv6 ACL or the destination IPv6 address

prefix is the same as the specified DNS64 prefix, the AFT translates the source IPv6 address into an IPv4

address in the IPv4 address pool or the IPv4 address of an interface. For more information about ACLs,

see ACL and QoS Configuration Guide.

The AFT supports the following types of 6to4 AFT policy:

• Type 1—Associate an IPv6 ACL with an address pool

If the source IPv6 address matches the IPv6 ACL, the address is translated into an IPv4 address in

the address pool associated with the IPv6 ACL. If the no-pat keyword is specified, only the IP

address is translated. If not, both the IP address and the port number are translated to save the IPv4

addresses in the address pool.

• Type 2—Associate an IPv6 ACL with an interface address

If the source IPv6 address matches the IPv6 ACL, the AFT translates the address into the IPv4

address of the interface associated with the IPv6 ACL. The port number is also translated.

• Type 3—Associate a DNS64 prefix with an address pool

If the prefix of the destination IPv6 address is the DNS64 prefix specified in the policy, the source

address is translated into an IPv4 address in the address pool associated with the DNS64 prefix.

If the no-pat keyword is specified, only the IP address is translated. Otherwise, both the IP address

and the port number are translated to save the IPv4 addresses in the address pool.