IPv4 and IPv6 Internet and WAN Settings

61

ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308

Configure a PPPoE IPv6 Internet Connection

To configure a PPPoE IPv6 Internet connection, you need to enter the PPPoE IPv6

information that you should have received from your ISP.



To configure PPPoE IPv6 ISP settings for a WAN interface:

1.

Select

Network Configuration > WAN Settings > WAN Setup

.

2.

In the upper right of the screen, select the

IPv6

radio button. The WAN Setup screen

displays the IPv6 settings:

Figure 35.

The IPv6 WAN Settings table displays the following fields:

•

WAN

. The WAN interface (WAN1, WAN2, WAN3, and WAN4).

•

Status

. The status of the WAN interface (UP or DOWN).

•

WAN IP

. The IPv6 address of the WAN interface.

•

Action

. The Edit table button provides access to the WAN IPv6 ISP Settings screen

(see

Step

3

) for the corresponding WAN interface; the Status button provides access

to the Connection Status screen (see

Step

7

) for the corresponding WAN interface.

3.

Click the

Edit

table button in the Action column of the WAN interface for which you want to

automatically configure the connection to the Internet. The WAN IPv6 ISP Settings screen

displays. (The following figure shows the WAN2 IPv6 ISP Settings screen as an example.)

IPv4 and IPv6 Internet and WAN Settings

62

ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308

Figure 36.

4.

In the Internet Address section of the screen, from the IPv6 drop-down list, select

PPPoE

.

5.

In the PPPoE IPv6 section of the screen, enter the settings as described in the following

table. You should have received PPPoE IPv6 information from your ISP:

Table 10.

WAN IPv6 ISP Settings screen settings for a PPPoE IPv6 connection

Setting

Description

User Name

The PPPoE user name that is provided by your ISP.

Password

The PPPoE password that is provided by your ISP.

IPv4 and IPv6 Internet and WAN Settings

63

ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308

6.

Click

Apply

to save your changes.

7.

Verify the connection:

a.

Select

Network Configuration > WAN Settings > WAN Setup

.

b.

In the upper right of the screen, select the

IPv6

radio button. The WAN Setup screen

displays the IPv6 settings (see

Figure

35

on page

61).

c.

In the Action column, click the

Status

button of the WAN interface for which you

want to display the Connection Status pop-up screen. (See

Figure

34

on page

60,

which shows a static IP address configuration; the screen for PPPoE is similar.)

The Connection Status screen should show a valid IP address and gateway, and you are

connected to the Internet. If the configuration was not successful, see

Troubleshoot the

ISP Connection

on page

396.

Note:

For more information about the Connection Status screen, see

View

the WAN Port Status

on page

382.

DHCPv6 Option

From the DHCPv6 Option drop-down list, select one of the following DHCPv6

server options, as directed by your ISP:

•

Disable-DHCPv6

. DHCPv6 is disabled. You need to specify the DNS servers

in the Primary DNS Server and Secondary DNS Server fields in order to

receive an IP address from the ISP.

•

DHCPv6 StatelessMode

. The VPN firewall generates its own IP address by

using a combination of locally available information and router

advertisements, but receives DNS server information from the ISP’s DHCPv6

server. Router advertisements include a prefix that identifies the subnet that

is associated with the WAN port. The IP address is formed by combining this

prefix and the MAC address of the WAN port. The IP address is a dynamic

address.

•

DHCPv6 StatefulMode

. The VPN firewall obtains an interface address,

configuration information such as DNS server information, and other

parameters from the ISP’s DHCPv6 server. The IP address is a dynamic

address.

•

DHCPv6 Prefix Delegation

. The VPN firewall obtains a prefix from the ISP’s

DHCPv6 server through prefix delegation, for example, 2001:db8:: /64. The

VPN firewall’s own stateless DHCPv6 server can assign this prefix to its IPv6

LAN clients. For more information about prefix delegation, see

Stateless

DHCPv6 Server With Prefix Delegation

on page

103.

Primary DNS Server

If you have selected the Disable-DHCPv6 from the DHCPv6 Options drop-down

list, the IPv6 IP address of the ISP’s primary DNS server.

Secondary DNS Server

If you have selected the Disable-DHCPv6 from the DHCPv6 Options drop-down

list, the IPv6 IP address of the ISP’s secondary DNS server.

Table 10.

WAN IPv6 ISP Settings screen settings for a PPPoE IPv6 connection (continued)

Setting

Description

IPv4 and IPv6 Internet and WAN Settings

64

ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308

Note:

If your ISP requires MAC authentication and another MAC address

has been previously registered with your ISP, you need to enter that

address on the WAN Advanced Options screen for the

corresponding WAN interface (see

Configure Advanced WAN

Options and Other Tasks

on page

71).

Configure 6to4 Automatic Tunneling

If your network is an isolated IPv6 network that is not connected to an IPv6 ISP, you need to

make sure that the IPv6 packets can travel over the IPv4 Internet backbone by enabling

automatic 6to4 tunneling.

6to4 is a WAN tunnel mechanism for automatic tunneling of IPv6 traffic between a device with

an IPv6 address and a device with an IPv4 address, or the other way around. 6to4 tunneling

is used to transfer IPv6 traffic between LAN IPv6 hosts and WAN IPv6 networks over the IPv4

network.

With 6to4 tunnels, IPv6 packets are embedded within the IPv4 packet and then transported

over the IPv4 network. You do not need to specify remote tunnel endpoints, which are

automatically determined by relay routers on the Internet. You cannot use 6to4 tunnels for

traffic between IPv4-only devices and IPv6-only devices.

Note:

If the VPN firewall functions as the endpoint for 6to4 tunnels in your

network, make sure that the VPN firewall has a static IPv4 address

(see

Manually Configure an IPv4 Internet Connection

on page

34). A

dynamic IPv4 address can cause routing problems on the 6to4

tunnels.

Note:

If you do not use a stateful DHCPv6 server in your LAN, you need to

configure the Router Advertisement Daemon (RADVD), and set up

6to4 advertisement prefixes for 6to4 tunneling to function correctly.

For more information, see

Manage the IPv6 LAN

on page

102.

Typically, 6to4 tunnel addresses start with a 2002 prefix (decimal notification). On the VPN

firewall, a 6to4 tunnel is indicated by sit0-WAN1 (see

View the Tunnel Status and IPv6

Addresses

on page

67).



To enable 6to4 automatic tunneling:

1.

Select

Network Configuration > WAN Settings > 6 to 4 Tunneling

. The 6

to

4

Tunneling screen displays.

IPv4 and IPv6 Internet and WAN Settings

65

ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308

Figure 37.

2.

Select the

Enable Automatic Tunneling

check box.

3.

Click

Apply

to save your changes.

Configure ISATAP Automatic Tunneling

If your network is an IPv4 network or IPv6 network that consists of both IPv4 and IPv6

devices, you need to make sure that the IPv6 packets can travel over the IPv4 intranet by

enabling and configuring Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)

tunneling.

ISATAP is a LAN tunnel mechanism in which the IPv4 network functions as a virtual IPv6

local link. Each IPv4 address is mapped to a link-local IPv6 address, that is, the IPv4 address

is used in the interface portion of the IPv6 address. ISATAP tunneling is used intra-site, that

is, between addresses in the LAN. For more information about link-local addresses, see

Manage the IPv6 LAN

on page

102.

Note:

If you do not use a stateful DHCPv6 server in your LAN, you need to

configure the Router Advertisement Daemon (RADVD), and set up

ISATAP advertisement prefixes (which are referred to as

Global/Local/ISATAP prefixes) for ISATAP tunneling to function

correctly. For more information, see

Manage the IPv6 LAN

on

page

102.

The VPN firewall determines the link-local address by concatenating the IPv6 address with

the 32 bits of the IPv4 host address:

•

For a unique global address:

fe80:0000:0000:0000:0000:5efe (or fe80::5efe) is concatenated with the IPv4 address.

For example, fe80::5efe with 10.29.33.4 becomes fe80::5efe:10.29.33.4, or in

hexadecimal format, fe80::5efe:a1d:2104.

•

For a private address:

fe80:0000:0000:0000:0200:5efe (or fe80::200:5efe) is concatenated with the IPv4

address. For example, fe80::200:5efe with 192.168.1.1 becomes

fe80::200:5efe:192.168.1.1, or in hexadecimal format, fe80::200:5efe:c0a8:101.