HP VPN Firewall Appliances VPN Configuration Guide
79
6to4 relay configuration example
Network requirements
As shown in Figure 67, Firewall A is a 6to4 firewall, and 6to4 addresses are used on the connected IPv6
network. Firewall B serves as a 6to4 relay firewall and is connected to an IPv6 network (2001::/16).
Configure a 6to4 tunnel between Firewall A and Firewall B to make Host A and Host B reachable to each
other.
Figure 67 Network diagram
Configuration procedure
Make sure Firewall A and Firewall B can reach each other through IPv4.
The configuration on a 6to4 relay firewall is similar to that on a 6to4 firewall. However, to enable
communication between the 6to4 network and the IPv6 network, you must configure a route to the IPv6
network on the 6to4 firewall.
• Configure Firewall A:
# Enable IPv6.
<FirewallA> system-view
[FirewallA] ipv6
# Configure an IPv4 address for GigabitEthernet 0/2.
[FirewallA] interface gigabitethernet 0/2
[FirewallA-GigabitEthernet0/2] ip address 2.1.1.1 255.255.255.0
[FirewallA-GigabitEthernet0/2] quit
# Configure an IPv6 address for GigabitEthernet 0/1.
[FirewallA] interface gigabitethernet 0/1
[FirewallA-GigabitEthernet0/1] ipv6 address 2002:0201:0101:1::1/64
[FirewallA-GigabitEthernet0/1] quit
# Configure a 6to4 tunnel.
[FirewallA] interface tunnel 0
[FirewallA-Tunnel0] ipv6 address 2002:0201:0101::1/64
[FirewallA-Tunnel0] source gigabitethernet 0/2
[FirewallA-Tunnel0] tunnel-protocol ipv6-ipv4 6to4
[FirewallA-Tunnel0] quit
# Configure a static route to the 6to4 relay firewall.
[FirewallA] ipv6 route-static 2002:0601:0101:: 64 tunnel 0
GE0/2
2.1.1.1/24
GE0/2
6.1.1.1/24
GE0/1
2002:0201:0101:1::1/64
GE0/1
2001::1/64
Firewall A
Firewall B
6to4 firewall
Host A
2002:0201:0101:1::2/64
Host B
2001::2/64
6to4 network
IPv4 netwok
6to4 relay
IPv6 network
6to4 tunnel
Tunnel 0
2002:0201:0101::1/64
Tunnel 0
2002:0601:0101::1/64