HP VPN Firewall Appliances NAT and ALG Configuration Guide

Enabling NAT-PT

After NAT-PT is enabled on both the IPv4 network interface and the IPv6 network interface, the device

can implement translation between IPv4 and IPv6 addresses.

Follow these guidelines when you enable NAT-PT:

• The natpt enable command enables both NAT-PT and Address Family Translation (AFT). For

information about AFT, see VPN Configuration Guide.

• Do not configure NAT-PT mapping policies and AFT policies on the same device.

To enable NAT-PT:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Enter interface view.

interface interface-type interface-number N/A

3. Enable NAT-PT on the interface.

natpt enable Disabled by default.

Configuring a NAT-PT prefix

Follow these guidelines when you configure a NAT-PT prefix:

• The NAT-PT prefix must be different from the IPv6 address prefix of a local interface. Otherwise,

incoming packets matching the prefix get lost due to NAT-PT translation.

• To delete a NAT-PT prefix that has been referenced by using the natpt v4bound dynamic or natpt

v6bound dynamic command, you must cancel the referenced configuration first.

To configure a NAT-PT prefix:

Ste

Command

1. Enter system view.

system-view

2. Configure a NAT-PT prefix.

natpt prefix natpt-prefix [ interface interface-type

interface-number [ nexthop ipv4-address ] ]

Configuring IPv4/IPv6 address mappings on the

IPv6 side

IPv4/IPv6 address mappings on the IPv6 side can be static or dynamic.

Configuring a static mapping on the IPv6 side

A static mapping on the IPv6 side shows the one-to-one correspondence between an IPv4 address and

an IPv6 address:

• If the source IPv6 address in a packet sent from an IPv6 host to an IPv4 host matches the static

mapping, the source IPv6 address is translated into the corresponding IPv4 address.