Method used to configure 6to4 tunnels on the USG2000 and USG5000 series

22

On the USG2000 series, configure the 6RD tunnel as follows:
USG_A and USG_B are 6to4 routers connected to boundary devices of the IPv6 and IPv4 networks. The IPv4 address of interface GigabitEthernet 1/0/1 connecting USG_A to the IPv4 network is 1.1.1.1/24. The IPv4 address of interface GigabitEthernet 1/0/1 connecting USG_B to the IPv4 network is 1.1.1.2/24. A 6to4 tunnel is established between USG_A and USG_B.

1. Configure the tunnel encapsulation type, source address, destination address, and IPv6 address of the tunnel interface of USG_A.
system-view
[USG] sysname USG_A
[USG_A] ipv6
[USG_A] interface tunnel 1
[USG_A-Tunnel1] tunnel-protocol ipv6-ipv4 6to4
[USG_A-Tunnel1] ipv6 enable
[USG_A-Tunnel1] source 1.1.1.1
[USG_B-Tunnel1] ipv6 address 2002:0101:101::1 48

2. Configure the route connecting USG_B to the IPv6 network.
[USG_A] ipv6 route-static 2002:: 16 tunnel 1

3. Configure the tunnel encapsulation type, source address, destination address, and IPv6 address of the tunnel interface of USG_B.
system-view
[USG] sysname NGFW_B
[USG_B] ipv6
[USG_B] interface tunnel 1
[USG_B-Tunnel1] tunnel-protocol ipv6-ipv4 6to4
[USG_B-Tunnel1] ipv6 enable
[USG_B-Tunnel1] source 1.1.1.2
[USG_B-Tunnel1] ipv6 address 2002:0101:102::2 48

4. Configure the route connecting USG_A to the IPv6 network.
[USG_B] ipv6 route-static 2002:: 16 tunnel 1

Other related questions:
Method used to configure ISATAP tunnels on the USG2000 and USG5000 series
On the USG2000 and USG5000 series, configure the ISATAP tunnel as follows: USG_A is a boundary device on the IPv6 and IPv4 networks. The IPv4 address of interface GigabitEthernet 1/0/1 connecting USG_A to the IPv4 network is 1.1.1.1/24. The IPv4 address of the host PC is 1.1.1.2/24. An ISATAP tunnel is established between USG_A and the PC. 1. Configure the tunnel encapsulation type, source address, and ISATAP address prefix of the tunnel interface of USG_A. system-view [USG] sysname USG_A [USG_A] ipv6 [USG_A] interface tunnel 1 [USG_A-Tunnel1] tunnel-protocol ipv6-ipv4 isatap [USG_A-Tunnel1] ipv6 enable [USG_A-Tunnel1] source 1.1.1.1 [USG_A-Tunnel1] ipv6 address 3001:: 64 eui-64 [USG_A-Tunnel1] undo ipv6 nd ra halt 2. Assume that the host PC adopts the Microsoft Windows XP Professional system. The IPv4 address configured for the host is 1.1.1.2/24. Install the IPv6 protocol on the PC, so that the PC can obtain ISATAP address prefix 3001::/64 from USG_A.

Method used to configure 6to4 tunnels on the USG6000 series
On the USG6000 series, configure the 6RD tunnel as follows: NGFW_A and NGFW_B are 6to4 routers connected to boundary devices of the IPv6 and IPv4 networks. The IPv4 address of interface GigabitEthernet 1/0/1 connecting NGFW_A to the IPv4 network is 1.1.1.1/24. The IPv4 address of interface GigabitEthernet 1/0/1 connecting NGFW_B to the IPv4 network is 1.1.1.2/24. A 6to4 tunnel is established between NGFW_A and NGFW_B. 1. Configure the tunnel encapsulation type, source address, destination address, and IPv6 address of the tunnel interface of NGFW_A. system-view [NGFW] sysname NGFW_A [NGFW_A] ipv6 [NGFW_A] interface tunnel 1 [NGFW_A-Tunnel1] tunnel-protocol ipv6-ipv4 6to4 [NGFW_A-Tunnel1] ipv6 enable [NGFW_A-Tunnel1] source 1.1.1.1 [NGFW_B-Tunnel1] ipv6 address 2002:0101:101::1 48 2. Configure the route connecting NGFW_B to the IPv6 network. [NGFW_A] ipv6 route-static 2002:: 16 tunnel 1 3. Configure the tunnel encapsulation type, source address, destination address, and IPv6 address of the tunnel interface of NGFW_B. system-view [NGFW] sysname NGFW_B [NGFW_B] ipv6 [NGFW_B] interface tunnel 1 [NGFW_B-Tunnel1] tunnel-protocol ipv6-ipv4 6to4 [NGFW_B-Tunnel1] ipv6 enable [NGFW_B-Tunnel1] source 1.1.1.2 [NGFW_B-Tunnel1] ipv6 address 2002:0101:102::2 48 4. Configure the route connecting NGFW_A to the IPv6 network. [NGFW_B] ipv6 route-static 2002:: 16 tunnel 1

Method used to configure 6RD tunnels on the USG2000 and USG5000 series
On the USG2000 series, configure the 6RD tunnel as follows: 1. Configure the 6RD tunnel type, source address, length of the 6RD prefix and IPv4 prefix, and IPv4 address of the 6RD BR on NGFW_A. system-view [USG] sysname USG_A [USG_A] ipv6 [USG_A] interface tunnel 1 [USG_A-Tunnel1] tunnel-protocol ipv6-ipv4 6rd [USG_A-Tunnel1] ipv6 enable [USG_A-Tunnel1] source 1.1.1.1 [USG_A-Tunnel1] ipv6-prefix 22::/32 [USG_A-Tunnel1] ipv4-prefix length 8 [USG_A-Tunnel1] border-relay address 1.1.1.2 2. Display the value of 6RD delegation prefix obtained after calculation. [USG_A-Tunnel1] display this # interface Tunnel1 tunnel-protocol ipv6-ipv4 6rd source 1.1.1.1 ipv6-prefix 22::/32 ipv4-prefix length 8 border-relay address 1.1.1.2 6rd-delegate-prefix 22:0:101:100::/56 # return 3. Configure the IPv6 address for the tunnel interface based on the 6RD delegation prefix, source address of the tunnel, and length of the IPv4 prefix. [USG_A-Tunnel1] ipv6 address 22:0:101:100::1 56# Configure a static route for connecting NGFW_B to the IPv6 network. (Assume that the interface address is 3001::1/64.) [USG_A] ipv6 route-static 22:: 32 Tunnel 1 [USG_A] ipv6 route-static 3001:: 64 22:0:101:200::1 4. Configure the 6RD tunnel type, source address, and length of the 6RD prefix and IPv4 prefix for NGFW_B. system-view USG] sysname USG_B [USG_B] ipv6 [USG_B] interface tunnel 1 [USG_B-Tunnel1] tunnel-protocol ipv6-ipv4 6rd [USG_B-Tunnel1] ipv6 enable [USG_B-Tunnel1] source 1.1.1.2 [USG_B-Tunnel1] ipv6-prefix 22::/32 [USG_B-Tunnel1] ipv4-prefix length 8 5. Display the value of 6RD delegation prefix obtained after calculation. [USG_B-Tunnel1] display this # interface Tunnel1 tunnel-protocol ipv6-ipv4 6rd source GigabitEthernet 1/0/1 ipv6-prefix 22::/32 ipv4-prefix length 8 6rd-delegate-prefix 22:0:101:200::/56 # return 6. Configure the IPv6 address for the tunnel interface based on the 6RD delegation prefix, source address of the tunnel, and length of the IPv4 prefix. [USG_B-Tunnel1] ipv6 address 22:0:101:200::1 56# Configure a route for connecting NGFW_A to the IPv6 network. [USG_B] ipv6 route-static 22:: 32 tunnel 1

Method used to configure IPv6 over IPv4 manual tunnels on the USG2000 and USG5000 series
On the USG2000 and USG5000 series, configure the IPv6 over IPv4 manual tunnel as follows: USG_A and USG_B are boundary devices on the IPv6 and IPv4 networks. The IPv4 address of interface GigabitEthernet 1/0/1 connecting USG_A to the IPv4 network is 1.1.1.1/24, and the IPv6 address of the interface connecting USG_A to the IPv6 network is 2011::1/64. The IPv4 address of interface GigabitEthernet 1/0/1 connecting USG_B to the IPv4 network is 1.1.1.2/24, and the IPv6 address of the interface connecting USG_B to the IPv6 network is 3011::1/64. An IPv6 over IPv4 manual tunnel is established between USG_A and USG_B. 1. Configure the tunnel encapsulation type, source address, destination address, and IPv6 address of the tunnel interface of USG_A. system-view [USG] sysname USG_A [USG_A] ipv6 [USG_A] interface tunnel 1 [USG_A-Tunnel1] tunnel-protocol ipv6-ipv4 [USG_A-Tunnel1] ipv6 enable [USG_A-Tunnel1] source 1.1.1.1 [USG_A-Tunnel1] destination 1.1.1.2 [USG_B-Tunnel1] ipv6 address 3001::1 64 2. Configure the route connecting USG_B to the IPv6 network. [USG_A] ipv6 route-static 3011:: 64 tunnel 1 3. Configure the tunnel encapsulation type, source address, destination address, and IPv6 address of the tunnel interface of USG_B. system-view [USG] sysname USG_B [USG_B] ipv6 [USG_B] interface tunnel 1 [USG_B-Tunnel1] tunnel-protocol ipv6-ipv4 [USG_B-Tunnel1] ipv6 enable [USG_B-Tunnel1] source 1.1.1.2 [USG_B-Tunnel1] destination 1.1.1.1 [USG_B-Tunnel1] ipv6 address 3001::2 64 4. Configure the route connecting USG_A to the IPv6 network. [USG_B] ipv6 route-static 2011:: 64 tunnel 1

Method used to clear the configuration (restoring the factory settings) on the USG2000, USG5000, and USG6000.
The method used to clear the configuration *restoring the factory settings) on USG firewalls is as follows: 1. Hardware methods: Press and hold the RESET button on the device to boot based on the default configuration. Note: It is recommended that you press and hold the RESET button to restore to the default factory settings before the system is powered on. Note the following: You must press the RESET button for more than 10s. Release the RESET button before the system prompts to press Ctrl+B. You can restore the default configuration as follows: If the device is not powered on, press the RESET button and then power on the device. When six indicators on the panel blink at a frequency of about 2 Hz, release the RESET button. The device will boot using the default configuration. If the device is powered on, press and hold the RESET button and then release it in 10s. When you press Ctrl+B, six indicators on the panel blink at a frequency of about 2 Hz, indicating that the device successfully restores to the factory settings. Note: Before powering on the device, press and hold the RESET button. If the indicators blink immediately after you release the button, the button is successfully activated. You must release the RESET button in 10s after the device is powered on. Indicators blink only when the system prompts to press Ctrl+B instead of immediately blinking after the button is released. Do not press the RESET button for multiple times during the system boot. Otherwise, the system fails to restore the default configuration. After the system prompts to press Ctrl+B, if you press the RESET button during system boot or running, the system is not restarted and does not restore to default factory settings. It is recommended that you save the current configuration before pressing the RESET button. 2. Web UI: For the USG2000 and USG5000, on the web UI, choose System > Maintenance > Configuration Management, and click Restore Factory Configuration. For the USG6000, on the Web UI, choose System > Profile Management, and click Restore Factory Configuration. 3. CLI: reset saved-configuration (Clear the saved configuration.) 10:25:15 2015/03/13 The action will delete the saved configuration in the device. The configuration will be erased to reconfigure. Are you sure?[Y/N]y (The configuration will be cleared. Confirm? Press Y.) Now clearing the configuration in the device. 2015-03-13 10:25:19 FW %%01CFM/4/RST_CFG(l): When deciding whether to reset the saved configuration, the user presses Y. Info:Clear the configuration in the device successfully (Successfully cleared) reboot (Restart the device.) 10:25:31 2015/03/13 System will reboot, could you want to save current configuration [Y/N]?n (The system will restart. Save the current configuration? Press N. If you press Y, the original configuration is saved again and the configuration is not cleared.) System will reboot! Continue?[Y/N]:y (The device will restart. Press Y.) After the device is restarted, the configuration is cleared.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top