F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices NAT and ALG Configuration Guide-6PW100
Table Of Contents
- Title Page
- Table of Contents
- Configuring NAT
- Overview
- Configuration guidelines
- Configuring NAT in the Web interface
- Recommended configuration procedure
- Creating an address pool
- Configuring dynamic NAT on an interface
- Creating a static address mapping
- Enabling static NAT on an interface
- Configuring an internal server
- Configuring ACL-based NAT on the internal server
- Configuring DNS mapping
- NAT configuration example
- Internal server configuration example
- Configuring NAT at the CLI
- NAT configuration task list
- Configuring static NAT
- Configuring dynamic NAT
- Configuring an internal server
- Configuring ACL-based NAT on an internal server
- Configuring DNS mapping
- Displaying and maintaining NAT
- One-to-one static NAT configuration example
- Dynamic NAT configuration example
- Common internal server configuration example
- NAT DNS mapping configuration example
- Troubleshooting NAT
- Configuring NAT-PT
- Feature and hardware compatibility
- Overview
- NAT-PT configuration task list
- Configuration prerequisites
- Enabling NAT-PT
- Configuring a NAT-PT prefix
- Configuring IPv4/IPv6 address mappings on the IPv6 side
- Configuring IPv4/IPv6 address mappings on the IPv4 side
- Setting the ToS field after NAT-PT translation
- Setting the traffic class field after NAT-PT translation
- Configuring static NAPT-PT mappings of IPv6 servers
- Displaying and maintaining NAT-PT
- NAT-PT configuration examples
- Troubleshooting NAT-PT
- NAT444
- Configuring ALG
- Support and other resources
- Index
37
72BNAT-PT limitations
Because of the following limitations, NAT-PT is not recommended in some applications. For example,
tunneling is recommended in the case where an IPv6 host needs to communicate with another IPv6 host
across an IPv4 network.
• In NAT-PT translation, the request and response packets of a session must be processed by the same
NAT-PT device.
• The Options field in the IPv4 packet header cannot be translated.
• NAT-PT does not provide end-to-end security.
For more information about tunneling, see VPN Configuration Guide.
NAT-PT supports ICMP, DNS, FTP, and other protocols that employ the network layer protocol but have
no address information in the protocol messages.
73BProtocols and standards
• RFC 2765, Stateless IP/ICMP Translation Algorithm
• RFC 2766, Network Address Translation - Protocol Translation (NAT-PT)
13B
NAT-PT configuration task list
Complete the following tasks to configure NAT-PT to allow active access from an IPv4 host to an IPv6 host:
Task Remarks
261H
Enabling NAT-PT Required.
262H
Configuring a NAT-PT prefix Required.
263H
Configuring IPv4/IPv6 address mappings on the IPv6 side
Required.
264H
Configuring a static mapping on the IPv4 side
Optional.
If no static IPv4/IPv6 address mapping is
configured, the lowest 32 bits of the destination
IPv6 address is used as the translated destination
IPv4 address.
265H
Setting the ToS field after NAT-PT translation Optional.
Complete the following tasks to configure NAT-PT to allow active access from an IPv4 host to an IPv6 host:
Task Remarks
266H
Enabling NAT-PT Required.
267H
Configuring a NAT-PT prefix Required.
268H
Configuring IPv4/IPv6 address mappings on the IPv4 side
Optional.
If no IPv4/IPv6 address mapping is configured,
the source IPv4 address added with the first
configured NAT-PT prefix is used as the translated
source IPv6 address.