You are here: Cookbook > IPv6 > Connecting IPv6 and IPv4 Networks

Connecting IPv6 and IPv4 Networks

One enterprise has a headquarters, branch A and branch B. The headquarters and two branches all can access the Internet. The headquarters and branch A are deployed with IPv6 network for intranet and IPv4 network for internet, while the branch B is deployed with IPv4-only networks for both intranet and internet. For the business needs, it’s necessary to connect IPv6 and IPv4 networks to achieve the following goals:

  • The IPv6 network of headquarters can connect with the IPv4 Internet and be accessed by the Internet users.

  • The networks of headquarters can connect with the IPv6 network of branch A via 6in4 tunnel.

  • The networks of headquarters can connect with the IPv4 network of branch B.

The headquarters, branch A and branch B is deployed with a Hillstone device separately and the topology is as follows:

There are three parts of configurations:

  • Configuring networks of headquarters
  • Configuring networks of branch A
  • Configuring networks of branch B

Configuring Networks of Headquarters

Step 1: Configure the interface and zone.

hostname(config)# interface ethernet0/1

hostname(config-if-eth0/1)# zone untrust

hostname(config-if-eth0/1)# ip address 200.0.0.2 255.255.255.0

hostname(config-if-eth0/1)# manage http

hostname(config-if-eth0/1)# exit

hostname(config)# interface ethernet0/2

hostname(config-if-eth0/2)# zone trust

hostname(config-if-eth0/2)# dns-proxy

hostname(config-if-eth0/2)# ipv6 enable

hostname(config-if-eth0/2)# ipv6 address 2005::1/96

hostname(config-if-eth0/2)# manage ping

hostname(config-if-eth0/2)# exit

hostname(config)# interface tunnel1

hostname(config-if-tun1)# zone trust

hostname(config-if-tun1)# ipv6 enable

hostname(config-if-tun1)# tunnel ip6in4 branchA

hostname(config-if-tun1)# exit

Configure the route and NAT rules, including headquarters accessing the Internet, headquarters communicating with branch B, and public IP accessing IPv6 server of headquarters.

hostname(config)# ip vrouter trust-vr

hostname(config-vrouter)# snatrule id 1 from 2005::/96 to 2003::/96 service any eif ethernet0/1 trans-to eif-ip mode dynamicport

hostname(config-vrouter)# snatrule id 2 from 2005::2/96 to 2004::2 service any eif ethernet0/1 trans-to eif-ip mode dynamicport

hostname(config-vrouter)# snatrule id 3 from any to 200.0.0.2 service any eif ethernet0/2 trans-to 2005::1 mode dynamicport

hostname(config-vrouter)# dnatrule id 1 from 2005::/96 to 2003::/96 service any v4-mapped

hostname(config-vrouter)# dnatrule id 2 from 2005::2/96 to 2004::2 service any trans-to 200.0.0.4

hostname(config-vrouter)# dnatrule id 3 from any to 200.0.0.2 service any trans-to 2005::2

hostname(config-vrouter)# ip route 0.0.0.0/0 200.0.0.1

hostname(config-vrouter)# ipv6 route 2001::/96 tunnel1

hostname(config-vrouter)# exit

Step 3: Configure the policy.

hostname(config)# policy-global

hostname(config-policy)# rule id 1

Rule id 1 is created

hostname(config-policy-rule)# action permit

hostname(config-policy-rule)# src-addr any

hostname(config-policy-rule)# dst-addr any

hostname(config-policy-rule)# service any

hostname(config-policy-rule)# exit

hostname(config)# policy-global

hostname(config-policy)# rule id 2

Rule id 2 is created

hostname(config-policy-rule)# action permit

hostname(config-policy-rule)# src-ip 2005::/96

hostname(config-policy-rule)# dst-ip 2004::/96

hostname(config-policy-rule)# service any

hostname(config-policy-rule)# exit

hostname(config)# policy-global

hostname(config-policy)# rule id 3

Rule id 3 is created

hostname(config-policy-rule)# action permit

hostname(config-policy-rule)# src-ip 2005::/96

hostname(config-policy-rule)# dst-ip 2003::/96

hostname(config-policy-rule)# service any

hostname(config-policy-rule)# exit

hostname(config)# policy-global

hostname(config-policy)# rule id 4

Rule id 4 is created

hostname(config-policy-rule)# action permit

hostname(config-policy-rule)# src-ip 2005::/96

hostname(config-policy-rule)# dst-ip 2001::/96

hostname(config-policy-rule)# service any

hostname(config-policy-rule)# exit

hostname(config)# policy-global

hostname(config-policy)# rule id 5

Rule id 5 is created

hostname(config-policy-rule)# action permit

hostname(config-policy-rule)# src-ip 2001::/96

hostname(config-policy-rule)# dst-ip 2005::/96

hostname(config-policy-rule)# service any

hostname(config-policy-rule)# exit

hostname(config)# policy-global

hostname(config-policy)# rule id 6

Rule id 6 is created

hostname(config-policy-rule)# action permit

hostname(config-policy-rule)# src-ip ipv6-any

hostname(config-policy-rule)# dst-ip ipv6-any

hostname(config-policy-rule)# service any

hostname(config-policy-rule)# exit

Step 4: Configure an IPv6 tunnel.

hostname(config)# tunnel ip6in4 branchA manual

hostname(config-ip6in4-manual)# interface ethernet0/1

hostname(config-ip6in4-manual)# destination 200.0.0.3

hostname(config-ip6in4-manual)# exit

hostname(config)# ip name-server 8.8.8.8 vrouter trust-vr

hostname(config)# ip dns-proxy domain any name-server 8.8.8.8 vrouter trust-vr

hostname(config)# ipv6 dns64-proxy id 1 prefix 2003::/96 source 2005::/96 trans-mapped-ip any

Note: The ipv6 dns64-proxy command is not supported for some versions.

Configuring Networks of Branch A

Step 1: Configure the interface and zone.

hostname(config)# interface ethernet0/1

hostname(config-if-eth0/1)# zone untrust

hostname(config-if-eth0/1)# ip address 200.0.0.3 255.255.255.0

hostname(config-if-eth0/1)# manage ping

hostname(config-if-eth0/1)# exit

hostname(config)# interface ethernet0/2

hostname(config-if-eth0/2)# zone trust

hostname(config-if-eth0/2)# ipv6 enable

hostname(config-if-eth0/2)# ipv6 address 2001::1/96

hostname(config-if-eth0/2)# manage ping

hostname(config-if-eth0/2)# exit

hostname(config)# interface tunnel1

hostname(config-if-tun1)# zone trust

hostname(config-if-tun1)# ipv6 enable

hostname(config-if-tun1)# tunnel ip6in4 headquarters

hostname(config-if-tun1)# exit

Step 2: Configure the route and NAT rules.

hostname(config)# ip vrouter trust-vr

hostname(config-vrouter)# ip route 0.0.0.0/0 200.0.0.1

hostname(config-vrouter)# ipv6 route 2005::/96 tunnel1

hostname(config-vrouter)# exit

Step 3: Configure the policy.

hostname(config)# policy-global

hostname(config-policy)# rule id 31

Rule id 31 is created

hostname(config-policy-rule)# action permit

hostname(config-policy-rule)# src-addr any

hostname(config-policy-rule)# dst-addr any

hostname(config-policy-rule)# service any

hostname(config-policy-rule)# exit

hostname(config)# policy-global

hostname(config-policy)# rule id 32

Rule id 32 is created

hostname(config-policy-rule)# action permit

hostname(config-policy-rule)# src-ip 2001::/96

hostname(config-policy-rule)# dst-ip 2005::/96

hostname(config-policy-rule)# service any

hostname(config-policy-rule)# exit

hostname(config)# policy-global

hostname(config-policy)# rule id 33

Rule id 33 is created

hostname(config-policy-rule)# action permit

hostname(config-policy-rule)# src-ip 2005::/96

hostname(config-policy-rule)# dst-ip 2001::/96

hostname(config-policy-rule)# service any

hostname(config-policy-rule)# exit

hostname(config)# policy-global

hostname(config-policy)# rule id 34

Rule id 34 is created

hostname(config-policy-rule)# action permit

hostname(config-policy-rule)# src-ip ipv6-any

hostname(config-policy-rule)# dst-ip ipv6-any

hostname(config-policy-rule)# service any

hostname(config-policy-rule)# exit

Step 4: Configure an IPv6 tunnel.

hostname(config)# tunnel ip6in4 headquarters manual

hostname(config-ip6in4-manual)# interface ethernet0/1

hostname(config-ip6in4-manual)# destination 200.0.0.2

hostname(config-ip6in4-manual)# exit

Configuring Networks of Branch B

Step 1: Configure the interface and zone.

hostname(config)# interface ethernet0/3

hostname(config-if-eth0/1)# zone trust

hostname(config-if-eth0/1)# ip address 192.168.2.1 255.255.255.0

hostname(config-if-eth0/1)# manage ping

hostname(config-if-eth0/1)# exit

hostname(config)# interface ethernet0/4

hostname(config-if-eth0/4)# zone untrust

hostname(config-if-eth0/4)# ip address 200.0.0.4 255.255.255.0

hostname(config-if-eth0/4)# manage ping

hostname(config-if-eth0/4)# exit

Step 2: Configure the route and NAT rules.

hostname(config)# ip vrouter trust-vr

hostname(config-vrouter)# snatrule id 1 from any to any service any eif ethernet0/4 trans-to eif-ip mode dynamicport

hostname(config-vrouter)# dnatrule id 1 from 200.0.0.2 to 200.0.0.4 service any trans-to 192.168.2.254

hostname(config-vrouter)# ip route 0.0.0.0/0 200.0.0.1

hostname(config-vrouter)# exit

Step 3: Configure the policy.

hostname(config)# policy-global

hostname(config-policy)# rule id 35

Rule id 35 is created

hostname(config-policy-rule)# action permit

hostname(config-policy-rule)# src-addr any

hostname(config-policy-rule)# dst-addr any

hostname(config-policy-rule)# service any

hostname(config-policy-rule)# exit