F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices NAT and ALG Configuration Guide-6PW100
Table Of Contents
- Title Page
- Table of Contents
- Configuring NAT
- Overview
- Configuration guidelines
- Configuring NAT in the Web interface
- Recommended configuration procedure
- Creating an address pool
- Configuring dynamic NAT on an interface
- Creating a static address mapping
- Enabling static NAT on an interface
- Configuring an internal server
- Configuring ACL-based NAT on the internal server
- Configuring DNS mapping
- NAT configuration example
- Internal server configuration example
- Configuring NAT at the CLI
- NAT configuration task list
- Configuring static NAT
- Configuring dynamic NAT
- Configuring an internal server
- Configuring ACL-based NAT on an internal server
- Configuring DNS mapping
- Displaying and maintaining NAT
- One-to-one static NAT configuration example
- Dynamic NAT configuration example
- Common internal server configuration example
- NAT DNS mapping configuration example
- Troubleshooting NAT
- Configuring NAT-PT
- Feature and hardware compatibility
- Overview
- NAT-PT configuration task list
- Configuration prerequisites
- Enabling NAT-PT
- Configuring a NAT-PT prefix
- Configuring IPv4/IPv6 address mappings on the IPv6 side
- Configuring IPv4/IPv6 address mappings on the IPv4 side
- Setting the ToS field after NAT-PT translation
- Setting the traffic class field after NAT-PT translation
- Configuring static NAPT-PT mappings of IPv6 servers
- Displaying and maintaining NAT-PT
- NAT-PT configuration examples
- Troubleshooting NAT-PT
- NAT444
- Configuring ALG
- Support and other resources
- Index
45
# Configure a NAT-PT prefix.
[Firewall] natpt prefix 3001::
# Configure a static IPv4/IPv6 mapping on the IPv4 side.
[Firewall] natpt v4bound static 9.0.0.2 3001::5
# Configure a static IPv4/IPv6 mapping on the IPv6 side.
[Firewall] natpt v6bound static 2001::2 8.0.0.5
2. Configure Router A:
# Configure an IP address for GigabitEthernet 0/1.
<RouterA> system-view
[RouterA] interface gigabitethernet 0/1
[RouterA-GigabitEthernet0/1] ip address 8.0.0.2 255.255.255.0
[RouterA-GigabitEthernet0/1] quit
# Configure a static route to subnet 9.0.0.0/24.
<RouterA> system-view
[RouterA] ip route-static 9.0.0.0 24 8.0.0.1
3. Configure Router B on the IPv6 side:
# Enable IPv6.
<RouterB> system-view
[RouterB] ipv6
# Configure an IP address for GigabitEthernet 0/1.
[RouterB] interface gigabitethernet 0/1
[RouterB-GigabitEthernet0/1] ipv6 address 2001::2/64
[RouterB-GigabitEthernet0/1] quit
# Configure a static route to the subnet with the NAT-PT prefix.
[RouterB] ipv6 route-static 3001:: 16 2001::1
24B
Troubleshooting NAT-PT
80BSymptom
NAT-PT fails when a session is initiated on the IPv6 side.
81BSolution
1. Enable debugging for NAT-PT and locate the fault according to the debugging information about
the device.
2. During debugging, check whether the source address of a packet is translated successfully. If not,
it is possible that the address pool has no sufficient IP addresses.
3. You can configure a larger address pool, or use NAPT-PT to perform NAT-PT.