R3721-F3210-F3171-HP High-End Firewalls NAT and ALG Configuration Guide-6PW101
42
Figure 31 Network diagram
Configuring Firewall B
# Configure interface addresses and enable NAT-PT on the interfaces.
<FirewallB> system-view
[FirewallB] ipv6
[FirewallB] interface GigabitEthernet 0/1
[FirewallB-GigabitEthernet0/1] ip address 8.0.0.1 255.255.255.0
[FirewallB-GigabitEthernet0/1] natpt enable
[FirewallB-GigabitEthernet0/1] quit
[FirewallB] interface GigabitEthernet 0/2
[FirewallB-GigabitEthernet0/2] ipv6 address 2001::1/64
[FirewallB-GigabitEthernet0/2] natpt enable
[FirewallB-GigabitEthernet0/2] quit
# Configure a NAT-PT prefix.
[FirewallB] natpt prefix 3001::
# Configure a static IPv4/IPv6 mapping on the IPv4 side.
[FirewallB] natpt v4bound static 9.0.0.2 3001::5
# Configure a static IPv4/IPv6 mapping on the IPv6 side.
[FirewallB] natpt v6bound static 2001::2 8.0.0.5
Configuring Firewall A
# Configure a static route to subnet 9.0.0.0/24.
<FirewallA> system-view
[FirewallA] ip route-static 9.0.0.0 24 8.0.0.1
Configuring Firewall C on the IPv6 side
# Enable IPv6.
<FirewallC> system-view
[FirewallC] ipv6
# Configure a static route to the subnet with the NAT-PT prefix.
[FirewallC] ipv6 route-static 3001:: 16 2001::1
Verifying the configuration
After the above configurations, using the ping 9.0.0.5 command on Firewall A can receive responses,
and you can view the following NAT-PT session information on Firewall B using the display command.
[FirewallB]display session table verbose
Initiator:
Source IP/Port : 8.0.0.2/2048
Dest IP/Port : 9.0.0.5/1
VPN-Instance/VLAN ID/VLL ID: