F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices NAT and ALG Configuration Guide-6PW100
Table Of Contents
- Title Page
- Table of Contents
- Configuring NAT
- Overview
- Configuration guidelines
- Configuring NAT in the Web interface
- Recommended configuration procedure
- Creating an address pool
- Configuring dynamic NAT on an interface
- Creating a static address mapping
- Enabling static NAT on an interface
- Configuring an internal server
- Configuring ACL-based NAT on the internal server
- Configuring DNS mapping
- NAT configuration example
- Internal server configuration example
- Configuring NAT at the CLI
- NAT configuration task list
- Configuring static NAT
- Configuring dynamic NAT
- Configuring an internal server
- Configuring ACL-based NAT on an internal server
- Configuring DNS mapping
- Displaying and maintaining NAT
- One-to-one static NAT configuration example
- Dynamic NAT configuration example
- Common internal server configuration example
- NAT DNS mapping configuration example
- Troubleshooting NAT
- Configuring NAT-PT
- Feature and hardware compatibility
- Overview
- NAT-PT configuration task list
- Configuration prerequisites
- Enabling NAT-PT
- Configuring a NAT-PT prefix
- Configuring IPv4/IPv6 address mappings on the IPv6 side
- Configuring IPv4/IPv6 address mappings on the IPv4 side
- Setting the ToS field after NAT-PT translation
- Setting the traffic class field after NAT-PT translation
- Configuring static NAPT-PT mappings of IPv6 servers
- Displaying and maintaining NAT-PT
- NAT-PT configuration examples
- Troubleshooting NAT-PT
- NAT444
- Configuring ALG
- Support and other resources
- Index
36
2. Translates the source IP address.
The NAT-PT device translates the source IPv6 address of the packet into an IPv4 address according
to the static or dynamic mapping on the IPv6 side.
3. Translates the destination IP address.
The NAT-PT device translates the destination IPv6 address of the packet into an IPv4 address
according to the static mapping, if configured, on the IPv4 network side. Without any static
mapping configured on the IPv4 network side, if the lowest 32 bits of the destination IPv6 address
in the packet can be directly translated into a valid IPv4 address, the destination IPv6 address is
translated into that IPv4 address. Otherwise, the translation fails.
4. Forwards the packet and stores the mappings.
After the source and destination IPv6 addresses of the packet are translated into IPv4 addresses,
the NAT-PT device forwards the packet to the IPv4 host. Meanwhile, the IPv4/IPv6 address
mappings are stored in the NAT-PT device.
5. Forwards the reply packet according to the stored mappings.
Upon receiving a reply packet from the IPv4 host to the IPv6 host, the NAT-PT device swaps the
source and destination IPv4 addresses according to the stored mappings and forwards the packet
to the IPv6 host.
139BSession initiated by an IPv4 host
The NAT-PT implementation process for a session initiated by an IPv4 host is as follows:
1. Determines whether to perform NAT-PT.
Upon receiving a packet from an IPv4 host to an IPv6 host, the NAT-PT device checks the
destination IPv4 address in the packet against the static mappings configured on the IPv6 network
side. If a match is found, the device considers that the packet needs to be forwarded to the IPv6
network and NAT-PT needs to be performed.
2. Translates the source IP address.
The NAT-PT device translates the source IPv4 address of the packet into an IPv6 address according
to the static or dynamic mapping on the IPv4 side. If no mapping is configured on the IPv4 side,
the source IPv4 address with the first configured NAT-PT prefix is used as the translated source IPv6
address.
3. Translates the destination IP address.
The NAT-PT device translates the destination IPv4 address of the packet into an IPv6 address
according to the static mapping on the IPv6 side.
4. Forwards the packet and stores the mappings.
After the source and destination IPv4 addresses of the packet are translated into IPv6 addresses,
the NAT-PT device forwards the packet to the IPv6 host. Meanwhile, the IPv4/IPv6 address
mappings are stored in the NAT-PT device.
5. Forwards the reply packet according to the stored mappings.
Upon receiving a reply packet from the IPv6 host to the IPv4 host, the NAT-PT device swaps the
source and destination IPv6 addresses according to the stored mappings and forwards the packet
to the IPv4 host.