F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices NAT and ALG Configuration Guide-6PW100
Table Of Contents
- Title Page
- Table of Contents
- Configuring NAT
- Overview
- Configuration guidelines
- Configuring NAT in the Web interface
- Recommended configuration procedure
- Creating an address pool
- Configuring dynamic NAT on an interface
- Creating a static address mapping
- Enabling static NAT on an interface
- Configuring an internal server
- Configuring ACL-based NAT on the internal server
- Configuring DNS mapping
- NAT configuration example
- Internal server configuration example
- Configuring NAT at the CLI
- NAT configuration task list
- Configuring static NAT
- Configuring dynamic NAT
- Configuring an internal server
- Configuring ACL-based NAT on an internal server
- Configuring DNS mapping
- Displaying and maintaining NAT
- One-to-one static NAT configuration example
- Dynamic NAT configuration example
- Common internal server configuration example
- NAT DNS mapping configuration example
- Troubleshooting NAT
- Configuring NAT-PT
- Feature and hardware compatibility
- Overview
- NAT-PT configuration task list
- Configuration prerequisites
- Enabling NAT-PT
- Configuring a NAT-PT prefix
- Configuring IPv4/IPv6 address mappings on the IPv6 side
- Configuring IPv4/IPv6 address mappings on the IPv4 side
- Setting the ToS field after NAT-PT translation
- Setting the traffic class field after NAT-PT translation
- Configuring static NAPT-PT mappings of IPv6 servers
- Displaying and maintaining NAT-PT
- NAT-PT configuration examples
- Troubleshooting NAT-PT
- NAT444
- Configuring ALG
- Support and other resources
- Index
35
70BBasic concepts
136BNAT-PT mechanism
There are three NAT-PT mechanisms to realize translation between IPv4 and IPv6 addresses: static
mapping, dynamic mapping, and NAPT-PT:
• Static mapping
Static mappings are manually configured for translation between IPv6 and IPv4 addresses.
• Dynamic mapping
Dynamic mappings are dynamically generated for translation between IPv6 and IPv4 addresses.
Different from static mappings, dynamic mappings are not fixed one-to-one mappings between
IPv6 and IPv4 addresses.
• NAPT-PT
Network Address Port Translation–Protocol Translation (NAPT-PT) realizes the TCP/UDP port
number translation besides static or dynamic address translation. With NAPT-PT, different IPv6
addresses can correspond to one IPv4 address. Different IPv6 hosts are distinguished by different
port numbers so that these IPv6 hosts can share one IPv4 address to accomplish the address
translation and save IPv4 addresses.
137BNAT-PT prefix
The 96-bit NAT-PT prefix in the IPv6 address prefix format is used in the following cases:
• Upon receiving a packet from an IPv6 host to an IPv4 host, the NAT-PT device detects the prefix of
the destination IPv6 address in the packet. If the prefix is the same as the configured NAT-PT prefix,
the device translates source and destination IPv6 addresses of the packet into IPv4 addresses.
• After a packet from an IPv4 host to an IPv6 host is translated through NAT-PT, the prefix of the
translated source IPv6 address is the configured NAT-PT prefix.
71BImplementing NAT-PT
138BSession initiated by an IPv6 host
Figure 31 NAT-PT implementation (session initiated by an IPv6 host)
NAT-PT works as follows:
1. Determines whether to perform NAT-PT.
Upon receiving a packet from an IPv6 host to an IPv4 host, the NAT-PT device detects the prefix of
the destination IPv6 address in the packet. If the prefix is the same as the configured NAT-PT prefix,
the device considers that the packet needs to be forwarded to the IPv4 network and NAT-PT needs
to be performed.