F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices NAT and ALG Configuration Guide-6PW100
Table Of Contents
- Title Page
- Table of Contents
- Configuring NAT
- Overview
- Configuration guidelines
- Configuring NAT in the Web interface
- Recommended configuration procedure
- Creating an address pool
- Configuring dynamic NAT on an interface
- Creating a static address mapping
- Enabling static NAT on an interface
- Configuring an internal server
- Configuring ACL-based NAT on the internal server
- Configuring DNS mapping
- NAT configuration example
- Internal server configuration example
- Configuring NAT at the CLI
- NAT configuration task list
- Configuring static NAT
- Configuring dynamic NAT
- Configuring an internal server
- Configuring ACL-based NAT on an internal server
- Configuring DNS mapping
- Displaying and maintaining NAT
- One-to-one static NAT configuration example
- Dynamic NAT configuration example
- Common internal server configuration example
- NAT DNS mapping configuration example
- Troubleshooting NAT
- Configuring NAT-PT
- Feature and hardware compatibility
- Overview
- NAT-PT configuration task list
- Configuration prerequisites
- Enabling NAT-PT
- Configuring a NAT-PT prefix
- Configuring IPv4/IPv6 address mappings on the IPv6 side
- Configuring IPv4/IPv6 address mappings on the IPv4 side
- Setting the ToS field after NAT-PT translation
- Setting the traffic class field after NAT-PT translation
- Configuring static NAPT-PT mappings of IPv6 servers
- Displaying and maintaining NAT-PT
- NAT-PT configuration examples
- Troubleshooting NAT-PT
- NAT444
- Configuring ALG
- Support and other resources
- Index
43
Task Command
Remarks
Clear all NAT-PT statistics information. reset natpt statistics Available in user view.
23B
NAT-PT configuration examples
78BConfiguring dynamic mapping on the IPv6 side
140BNetwork requirements
As shown in 272HFigure 32, Router B with IPv6 address 2001::2/64 on an IPv6 network wants to access
Router A with IPv4 address 8.0.0.2/24 on an IPv4 network, whereas Router A cannot actively access
Router B.
To meet the preceding requirements, you need to configure Firewall that is deployed between the IPv4
network and IPv6 network as a NAT-PT device, and configure dynamic mapping policies on the IPv6 side
on Firewall so that IPv6 hosts can access IPv4 hosts but IPv4 hosts cannot access IPv6 hosts.
Figure 32 Network diagram
141BConfiguration procedure
1. Configure Firewall (NAT-PT device):
# Configure interface addresses and enable NAT-PT on the interfaces.
<Firewall> system-view
[Firewall] ipv6
[Firewall] interface gigabitethernet 0/1
[Firewall-GigabitEthernet0/1] ip address 8.0.0.1 255.255.255.0
[Firewall-GigabitEthernet0/1] natpt enable
[Firewall-GigabitEthernet0/1] quit
[Firewall] interface gigabitethernet 0/2
[Firewall-GigabitEthernet0/2] ipv6 address 2001::1/64
[Firewall-GigabitEthernet0/2] natpt enable
[Firewall-GigabitEthernet0/2] quit
# Configure a NAT-PT prefix.
[Firewall] natpt prefix 3001::
# Configure a NAT-PT address pool.
[Firewall] natpt address-group 1 9.0.0.10 9.0.0.19
# Associate the prefix with the address pool for IPv6 hosts accessing IPv4 hosts.
[Firewall] natpt v6bound dynamic prefix 3001:: address-group 1
2. Configure Router A on the IPv4 side:
# Configure an IP address for GigabitEthernet 0/1.