HP VPN Firewall Appliances VPN Configuration Guide
• The AFTR performs NAT.
When a host serves as the CPE, the process is similar and therefore is not shown.
NAT supports both basic address translation between private and public addresses and Network
Address Port Translation (NAPT), which translates both the IP address (private or public) and the
port number. Figure 62 shows an example of NAPT. For more information about NAT, see NAT and
ALG Configuration Guide.
A DS-Lite tunnel supports only communication initiated by an IPv4 host in a private network to an
IPv4 host on the Internet. It does not support communication initiated by an IPv4 host on the
Internet to an IPv4 host in a private network.
IPv6 over IPv6 tunneling
IPv6 over IPv6 tunneling (RFC 2473) enables isolated IPv6 networks to communicate with each other over
another IPv6 network. For example, two isolated IPv6 networks that do not want to show their addresses
to the Internet can use an IPv6 over IPv6 tunnel to communicate with each other.
Encapsulation and de-encapsulation
Figure 63 Principle of IPv6 over IPv6 tunneling
Figure 63 shows the encapsulation and de-encapsulation processes:
• Encapsulation
a. After receiving an IPv6 packet, Device A submits it to the IPv6 protocol stack.
b. The IPv6 protocol stack uses the destination IPv6 address of the packet to find the output
interface. If the output interface is the tunnel interface, the stack delivers it to the tunnel
interface.
c. After receiving the packet, the tunnel interface adds an IPv6 header to it and submits it to the
IPv6 protocol stack.
d. The IPv6 protocol stack forwards the packet according to its destination IPv6 address.
• De-encapsulation
a. Upon receiving the IPv6 packet, Device B delivers it to the IPv6 protocol stack.
b. The IPv6 protocol stack checks the protocol type of the data portion encapsulated in the IPv6
packet. If the encapsulation protocol is IPv6, the stack delivers the packet to the tunnel module.
c. The tunnel module de-encapsulates the packet and sends it back to the IPv6 protocol stack.
d. The IPv6 protocol stack forwards the IPv6 packet.
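The encapsulation and de-encapsulation steps above, shown as an added Python example that is not taken from the HP guide. The addresses, function names, and the endpoint check in decapsulate() are assumptions for illustration; Next Header value 41 is the standard identifier for an encapsulated IPv6 packet.

```python
import ipaddress
import struct

IPPROTO_IPV6 = 41          # Next Header value for an encapsulated IPv6 packet
HDR_LEN = 40               # fixed IPv6 header length


def ipv6_header(src, dst, payload_len, next_header, hop_limit=64):
    """Pack a 40-byte IPv6 header (traffic class and flow label left at 0)."""
    return struct.pack(
        "!IHBB16s16s",
        6 << 28,                       # version 6, traffic class 0, flow label 0
        payload_len, next_header, hop_limit,
        ipaddress.IPv6Address(src).packed,
        ipaddress.IPv6Address(dst).packed,
    )


def encapsulate(inner, tunnel_src, tunnel_dst):
    """Encapsulation step c: the tunnel interface prepends an outer IPv6 header."""
    return ipv6_header(tunnel_src, tunnel_dst, len(inner), IPPROTO_IPV6) + inner


def decapsulate(outer, local, peer):
    """De-encapsulation steps b and c; returns the inner packet or raises ValueError."""
    if len(outer) < HDR_LEN:
        raise ValueError("truncated outer header")
    vtf, plen, nxt, _hop, src, dst = struct.unpack("!IHBB16s16s", outer[:HDR_LEN])
    if vtf >> 28 != 6:
        raise ValueError("outer packet is not IPv6")
    if nxt != IPPROTO_IPV6:
        raise ValueError("payload is not IPv6; not for the tunnel module")
    # Assumption: the tunnel module only accepts packets between its configured endpoints.
    if (src != ipaddress.IPv6Address(peer).packed
            or dst != ipaddress.IPv6Address(local).packed):
        raise ValueError("outer addresses do not match the tunnel endpoints")
    inner = outer[HDR_LEN:HDR_LEN + plen]
    if len(inner) != plen or plen < HDR_LEN or inner[0] >> 4 != 6:
        raise ValueError("malformed inner IPv6 packet")
    return inner


# Constructed sample: inner packet with an 8-byte payload and Next Header 59 (no next header).
INNER = ipv6_header("fd00:a::1", "fd00:b::1", 8, 59) + b"\x00" * 8
OUTER = encapsulate(INNER, "2001:db8::a", "2001:db8::b")   # Device A -> Device B
```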
GRE can also be used to implement IPv6 over IPv6 tunneling. For related information, see "Configuring GRE."