Manualshelf

HP VPN Firewall Appliances NAT and ALG Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
41424344454647484950
43
Task Command
Remarks
Clear all NAT-PT statistics information. reset natpt statistics Available in user view.
The reset natpt statistics command cannot clear the statistics of total sessions and total address
mappings.
NAT-PT configuration examples
Configuring dynamic mapping on the IPv6 side
Network requirements
As shown in Figure 32, Router B with IPv6 address 2001::2/64 on an IPv6 network wants to access
Router A with IPv4 address 8.0.0.2/24 on an IPv4 network, whereas Router A cannot actively access
Router B.
To meet the preceding requirements, you need to configure Firewall that is deployed between the IPv4
network and IPv6 network as a NAT-PT device, and configure dynamic mapping policies on the IPv6 side
on Firewall so that IPv6 hosts can access IPv4 hosts but IPv4 hosts cannot access IPv6 hosts.
Figure 32 Network diagram
Configuration procedure
1. Configure Firewall (NAT-PT device):
# Configure interface addresses and enable NAT-PT on the interfaces.
<Firewall> system-view
[Firewall] ipv6
[Firewall] interface gigabitethernet 0/1
[Firewall-GigabitEthernet0/1] ip address 8.0.0.1 255.255.255.0
[Firewall-GigabitEthernet0/1] natpt enable
[Firewall-GigabitEthernet0/1] quit
[Firewall] interface gigabitethernet 0/2
[Firewall-GigabitEthernet0/2] ipv6 address 2001::1/64
[Firewall-GigabitEthernet0/2] natpt enable
[Firewall-GigabitEthernet0/2] quit
# Configure a NAT-PT prefix.
[Firewall] natpt prefix 3001::
# Configure a NAT-PT address pool.
[Firewall] natpt address-group 1 9.0.0.10 9.0.0.19