SonicOS 8 System

Technical Documentation>  Interfaces>  Interface settings IPv6>  Configuring IPv6 Tunnel Interfaces>  Configuring the 6to4 Auto Tunnel
Table of Contents

Configuring the 6to4 Auto Tunnel

The 6to4 Auto Tunnel is an automatic tunnel: tunnel endpoints are extracted from the encapsulated IPv6 datagram. No manual configuration is necessary. 6to4 tunnels use a prefix of the form 2002:tunnel-IPv4-address::/48 to tunnel IPv6 traffic over IPv4 (for example, if the tunnel’s IPv4 endpoint has the address a01:203, the 6to4 tunnel prefix is 2002:a01:203::1). Routers advertise a prefix of the form 2002:[IPv4]:xxxx/64 to IPv6 clients. For complete information, see RFC 3056.

In IPv6-to-IPv4 tunnel interface, customers do not need to specify the tunnel endpoint, but only need to enable the 6to4 auto tunnel. All packets with a 2002 prefix are routed to the tunnel, and the tunnel's IPv4 destination is extracted from the destination IPv6 address.

6to4 tunnels are easy to configure and use. Users must have a global IPv4 address and IPv6 address, which must also have a 2002 prefix. Therefore, in general, a user can only access network resources with a 2002 prefix.

Only one 6to4 auto tunnel can be configured on the Security Appliance.

VPN Tunnel Interfaces have automatically created IPv6 link local addresses.

To configure the 6to4 auto tunnel on the firewall

  1. Navigate to Network > System > Interfaces > Interfaces Settings.

  2. On the Interfaces Settings page, click IPv6.

  3. Click Add Interface and select Tunnel Interface. The Add Tunnel Interface dialog box is displayed.

  4. Select the Zone for the 6to4 tunnel interface. This is typically the WAN interface.

  5. In the Tunnel Type drop-down menu, select 6to4 Auto Tunnel Interface.

  6. Specify a name in the Name field. By default, the interface Name is set to 6to4 AutoTun.

  7. Turn on the Enable IPv6 6to4 Tunnel toggle button. By default, the toggle button is enabled.

  8. Optionally, you can configure one or more Management login protocols: HTTPS, Ping, or SNMP.

    Selecting HTTPS enables the Add rule to enable redirect from HTTP to HTTPS option automatically. This option cannot be selected for the other protocols.

  9. Optionally, you can configure either or both User Login protocols: HTTP or HTTPS.

    Selecting HTTPS enables the Add rule to enable redirect from HTTP to HTTPS option automatically.

  10. Click OK.