R3721-F3210-F3171-HP High-End Firewalls NAT and ALG Configuration Guide-6PW101
Responder:
Source IP/Port : 2001::0002/33024
Dest IP/Port : 3001::0005/1
VPN-Instance/VLAN ID/VLL ID:
Pro: ICMP(1) App: unknown State: ICMP-CLOSED
Start time: 2011-07-20 19:08:44 TTL: 10s
Root Zone(in):
Zone(out):
Received packet(s)(Init): 5 packet(s) 420 byte(s)
Received packet(s)(Reply): 5 packet(s) 520 byte(s)
If you use the ping ipv6 3001::5 command on Firewall C, response packets can be received, and you
can view the following NAT-PT session information on Firewall B by using the display command.
[FirewallB]display session table verbose
Initiator:
Source IP/Port : 2001::0002/32768
Dest IP/Port : 3001::0005/43986
VPN-Instance/VLAN ID/VLL ID:
Responder:
Source IP/Port : 8.0.0.2/0
Dest IP/Port : 9.0.0.5/43986
VPN-Instance/VLAN ID/VLL ID:
Pro: ICMPv6(58) App: unknown State: ICMP-CLOSED
Start time: 2011-07-20 19:09:48 TTL: 25s
Root Zone(in):
Zone(out):
Received packet(s)(Init): 5 packet(s) 520 byte(s)
Received packet(s)(Reply): 5 packet(s) 420 byte(s)
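The following Python script is an added example, not part of the original guide: it parses display session table verbose output and lists sessions in which the initiator and responder sides do not show different IP versions, that is, where no NAT-PT translation is visible. The first sample entry is copied from the Firewall B output above; the second entry is constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# First entry: copied from the Firewall B output above.
# Second entry: constructed (both sides IPv6) to exercise the untranslated case.
SAMPLE = """\
Initiator:
Source IP/Port : 2001::0002/32768
Dest IP/Port : 3001::0005/43986
VPN-Instance/VLAN ID/VLL ID:
Responder:
Source IP/Port : 8.0.0.2/0
Dest IP/Port : 9.0.0.5/43986
VPN-Instance/VLAN ID/VLL ID:
Pro: ICMPv6(58) App: unknown State: ICMP-CLOSED
Initiator:
Source IP/Port : 2001::0002/32769
Dest IP/Port : 3001::0005/43987
Responder:
Source IP/Port : 3001::0005/0
Dest IP/Port : 2001::0002/43987
Pro: ICMPv6(58) App: unknown State: ICMP-CLOSED
"""

ADDR = re.compile(r"^(Source|Dest) IP/Port\s*:\s*(\S+)/(\d+)$")

def parse_sessions(text):
    """Split the verbose output into sessions keyed by role and direction."""
    sessions, role = [], None
    for line in (l.strip() for l in text.splitlines()):
        if line in ("Initiator:", "Responder:"):
            role = line[:-1].lower()
            if role == "initiator" or not sessions:
                sessions.append({})  # new session, or output began mid-session
        elif (m := ADDR.match(line)) and role:
            field, addr, port = m.groups()
            sessions[-1][f"{role}_{field.lower()}"] = (ipaddress.ip_address(addr), int(port))
        elif line.startswith("Pro:") and sessions:
            sessions[-1]["proto"] = line.split()[1]
    return sessions

def is_translated(session):
    """True only when both sides are present and use different IP versions."""
    init, resp = session.get("initiator_source"), session.get("responder_source")
    return bool(init and resp) and init[0].version != resp[0].version

def untranslated(text):
    """Sessions with no visible IPv6/IPv4 translation (or with a side missing)."""
    return [s for s in parse_sessions(text) if not is_translated(s)]
```

An entry whose Initiator block is missing from the captured text is also listed by untranslated(), because translation cannot be confirmed from one side alone.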
Troubleshooting NAT-PT
Symptom
NAT-PT fails when a session is initiated on the IPv6 side.
Solution
• Enable debugging for NAT-PT and locate the fault according to the debugging information of the
firewall.
• During debugging, check whether the source address of a packet is translated successfully. If not,
the address pool might not have sufficient IP addresses.
• You can configure a larger address pool, or use NAPT-PT to perform NAT-PT.