HP VPN Firewall Appliances VPN Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

391

392

393

394

395

396

397

398

399

400

390

• Type 4—Associate a DNS64 prefix with an interface address

If the prefix of the destination IPv6 address is the DNS64 prefix specified in the policy, AFT

translates the source address into the IPv4 address of the interface associated with the DNS64

prefix. The port number is also translated.

The AFT address pool contains a range of continuous IPv4 addresses. When the AFT policy is type 1 or

type 3, the AFT chooses an IPv4 address from the address pool as the translated IPv4 address.

Configure the DNS64 prefix by using the aft prefix-dns64 command.

To configure the 6to4 AFT policy:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Configure an AFT IPv4

address pool.

aft address-group group-number

start-ipv4-address end-ipv4-address

Required for type 1 and

type 3.

Ignored for type 2 and

type 4.

You cannot configure

an AFT address pool

and a NAT-PT address

pool with the same

number at the same

time.

3. Configure the 6to4 AFT

policy.

• Associate an IPv6 ACL with an address

pool:

aft v6tov4 acl6 number acl6-number

address-group group-number [ no-pat ]

• Associate an IPv6 ACL with an interface

address:

aft v6tov4 acl6 number acl6-number

interface interface-type interface-number

• Associate a DNS64 prefix with an address

pool:

aft v6tov4 prefix-dns64 dns64-prefix

prefix-length address-group group-number

[ no-pat ]

• Associate a DNS64 prefix with an interface

address:

aft v6tov4 prefix-dns64 dns64-prefix

prefix-length interface interface-type

interface-number

Configure one of them.

Configuring 4to6 AFT policies

When the communication is initiated by an IPv4 host, the source and destination IPv4 addresses are

translated into IPv6 addresses based on two 4to6 AFT policies.

One 4to6 AFT policy is used for source address translation, and the other is for destination address

translation.

• Policy for the source IPv4 address translation—If the packet matches the specified ACL, the AFT

translates the source address into an IPv6 address by using the specified DNS64 prefix. If not, the