HP VPN Firewall Appliances NAT and ALG Configuration Guide

NAPT-PT
Network Address Port Translation–Protocol Translation (NAPT-PT) translates TCP/UDP port
numbers in addition to performing static or dynamic address translation. With NAPT-PT, multiple
IPv6 addresses can map to one IPv4 address. The IPv6 hosts are distinguished by their port
numbers, so they can share one IPv4 address for address translation, which saves IPv4
addresses.
NAT-PT prefix
The 96-bit NAT-PT prefix in the IPv6 address prefix format is used in the following cases:
Upon receiving a packet from an IPv6 host to an IPv4 host, the NAT-PT device checks the prefix of
the destination IPv6 address in the packet. If the prefix is the same as the configured NAT-PT prefix,
the device translates the source and destination IPv6 addresses of the packet into IPv4 addresses.
After a packet from an IPv4 host to an IPv6 host is translated through NAT-PT, the prefix of the
translated source IPv6 address is the configured NAT-PT prefix.
Implementing NAT-PT
Session initiated by an IPv6 host
Figure 31 NAT-PT implementation (session initiated by an IPv6 host)
NAT-PT works as follows:
1. Determines whether to perform NAT-PT.
Upon receiving a packet from an IPv6 host to an IPv4 host, the NAT-PT device checks the prefix of
the destination IPv6 address in the packet. If the prefix is the same as the configured NAT-PT prefix,
the device determines that the packet must be forwarded to the IPv4 network and that NAT-PT must
be performed.
2. Translates the source IP address.
The NAT-PT device translates the source IPv6 address of the packet into an IPv4 address according
to the static or dynamic mapping on the IPv6 side.
3. Translates the destination IP address.
The NAT-PT device translates the destination IPv6 address of the packet into an IPv4 address
according to the static mapping, if configured, on the IPv4 network side. Without any static
mapping configured on the IPv4 network side, if the lowest 32 bits of the destination IPv6 address
in the packet can be directly translated into a valid IPv4 address, the destination IPv6 address is
translated into that IPv4 address. Otherwise, the translation fails.
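The three steps above can be modelled as follows. This is an added example, not code from the guide or from the device. The prefix, addresses and mapping tables are constructed sample values, the function names are hypothetical, only static mappings are modelled for step 2, and the test for a "valid" IPv4 address is an assumption because the guide does not define it.

```python
import ipaddress

# Constructed sample values (documentation ranges), not taken from the guide.
NATPT_PREFIX = ipaddress.IPv6Network("2001:db8:ffff::/96")
V6_SIDE_STATIC = {  # IPv6-side mappings: IPv6 source -> IPv4 source
    ipaddress.IPv6Address("2001:db8:1::10"): ipaddress.IPv4Address("192.0.2.10"),
}
V4_SIDE_STATIC = {  # IPv4-side mappings: IPv6 destination -> IPv4 destination
    ipaddress.IPv6Address("2001:db8:ffff::100"): ipaddress.IPv4Address("198.51.100.7"),
}


def needs_natpt(dst6):
    """Step 1: NAT-PT applies only if the destination carries the NAT-PT prefix."""
    return dst6 in NATPT_PREFIX


def translate_source(src6):
    """Step 2: look up the IPv6-side mapping (dynamic mappings are not modelled)."""
    return V6_SIDE_STATIC.get(src6)


def translate_destination(dst6):
    """Step 3: IPv4-side static mapping first, otherwise the lowest 32 bits."""
    if dst6 in V4_SIDE_STATIC:
        return V4_SIDE_STATIC[dst6]
    embedded = ipaddress.IPv4Address(int(dst6) & 0xFFFFFFFF)
    # Assumption: "valid" means a usable unicast address; the guide does not say.
    if embedded.is_unspecified or embedded.is_multicast or embedded.is_reserved:
        return None  # translation fails
    return embedded


def natpt_outbound(src, dst):
    """Return (src4, dst4) for an IPv6-initiated packet, or None if not translated."""
    src6, dst6 = ipaddress.IPv6Address(src), ipaddress.IPv6Address(dst)
    if not needs_natpt(dst6):
        return None
    src4, dst4 = translate_source(src6), translate_destination(dst6)
    if src4 is None or dst4 is None:
        return None
    return src4, dst4
```

Because of the fallback in step 3, any destination under the NAT-PT prefix that has no static entry maps to the IPv4 address encoded in its lowest 32 bits, so filtering rules need to be written with the translated destination in mind.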