R3721-F3210-F3171-HP High-End Firewalls NAT and ALG Configuration Guide-6PW101

Configuring Firewall A on the IPv4 side
# Configure a static route to subnet 9.0.0.0/24.
<FirewallA> system-view
[FirewallA] ip route-static 9.0.0.0 24 8.0.0.1
Configuring Firewall C on the IPv6 side
# Enable IPv6.
<FirewallC> system-view
[FirewallC] ipv6
# Configure a static route to the subnet with the NAT-PT prefix.
[FirewallC] ipv6 route-static 3001:: 16 2001::1
Verifying the configuration
After completing the configurations, run the ping ipv6 3001::0800:0002 command on Firewall C.
Response packets can be received.
You can see the established NAT-PT session on Firewall B.
<FirewallB> display session table verbose
Initiator:
Source IP/Port : 2001::0002/32768
Dest IP/Port : 3001::0800:0002/43984
VPN-Instance/VLAN ID/VLL ID:
Responder:
Source IP/Port : 8.0.0.2/0
Dest IP/Port : 9.0.0.10/12289
VPN-Instance/VLAN ID/VLL ID:
Pro: ICMPv6(58) App: unknown State: ICMP-CLOSED
Start time: 2011-07-20 18:41:29 TTL: 26s
Root Zone(in):
Zone(out):
Received packet(s)(Init): 5 packet(s) 520 byte(s)
Received packet(s)(Reply): 5 packet(s) 420 byte(s)
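The session entry above can be checked against the configured translation with a short script. This is an added example, not part of the HP guide; it assumes the NAT-PT prefix occupies the high 96 bits with the IPv4 address in the low 32 bits, which matches the addresses shown, and the function names are hypothetical.

```python
import ipaddress
import re

# Session entry copied from the display output above (addresses are the page's own).
SESSION = """\
Initiator:
Source IP/Port : 2001::0002/32768
Dest IP/Port : 3001::0800:0002/43984
Responder:
Source IP/Port : 8.0.0.2/0
Dest IP/Port : 9.0.0.10/12289
Pro: ICMPv6(58) App: unknown State: ICMP-CLOSED
"""

# Assumption: the NAT-PT prefix covers the high 96 bits of the address.
NATPT_PREFIX = ipaddress.ip_network("3001::/96")
# Subnet that Firewall A routes toward the NAT-PT device.
V4_SIDE_SUBNET = ipaddress.ip_network("9.0.0.0/24")

def parse_session(text):
    """Map (side, field) -> address object for one session entry."""
    fields, side = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line in ("Initiator:", "Responder:"):
            side = line[:-1].lower()
            continue
        m = re.match(r"(Source|Dest) IP/Port\s*:\s*(\S+)/\d+$", line)
        if m and side:
            fields[(side, m.group(1).lower())] = ipaddress.ip_address(m.group(2))
    return fields

def embedded_ipv4(addr6):
    """IPv4 address carried in the low 32 bits, or None if outside the prefix."""
    if addr6 not in NATPT_PREFIX:
        return None
    return ipaddress.IPv4Address(int(addr6) & 0xFFFFFFFF)

def check_session(text):
    """Return a list of inconsistencies; an empty list means the entry is sane."""
    s, problems = parse_session(text), []
    target = embedded_ipv4(s[("initiator", "dest")])
    if target is None:
        problems.append("initiator destination is outside the NAT-PT prefix")
    elif target != s[("responder", "source")]:
        problems.append(f"prefix embeds {target}, responder is {s[('responder', 'source')]}")
    if s[("responder", "dest")] not in V4_SIDE_SUBNET:
        problems.append("translated source is outside the subnet Firewall A routes back")
    return problems

if __name__ == "__main__":
    print(check_session(SESSION) or "session matches the configured translation")
```

An empty result means the IPv4 address embedded in the pinged IPv6 destination is the host that answered and that the translated source falls inside 9.0.0.0/24, so Firewall A's static route returns the replies to the NAT-PT device.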
Configuring static mappings on the IPv4 side and the IPv6 side
Network requirements
As shown in Figure 31, Firewall C with IPv6 address 2001::2/64 on an IPv6 network can communicate
with Firewall A with IPv4 address 8.0.0.2/24 on an IPv4 network.
To meet this requirement, configure Firewall B, which is deployed between the IPv4 network and the
IPv6 network, as a NAT-PT device, and configure static mappings on its IPv4 side and IPv6 side so
that Firewall A and Firewall C can communicate with each other.