Nat-pt configuration examples, Configuring dynamic mapping on the ipv6 side, Network requirements – H3C Technologies H3C SecPath F1000-E User Manual

41

NAT-PT configuration examples

Configuring dynamic mapping on the IPv6 side

Network requirements

As shown in

Figure 31

, SecPath C with IPv6 address 2001::2/64 on an IPv6 network wants to access

SecPath A with IPv4 address 8.0.0.2/24 on an IPv4 network, whereas SecPath A cannot actively access
SecPath C.
To meet the preceding requirements, you need to configure SecPath B that is deployed between the IPv4

network and IPv6 network as a NAT-PT device, and configure dynamic mapping policies on the IPv6 side

on SecPath B so that IPv6 hosts can access IPv4 hosts but IPv4 hosts cannot access IPv6 hosts.

Figure 31 Network diagram

Configuring SecPath B (NAT-PT device)

# Configure interface addresses and enable NAT-PT on the interfaces.

<SecPathB> system-view

[SecPathB] ipv6

[SecPathB] interface GigabitEthernet 0/1

[SecPathB-GigabitEthernet0/1] ip address 8.0.0.1 255.255.255.0

[SecPathB-GigabitEthernet0/1] natpt enable

[SecPathB-GigabitEthernet0/1] quit

[SecPathB] interface GigabitEthernet 0/2

[SecPathB-GigabitEthernet0/2] ipv6 address 2001::1/64

[SecPathB-GigabitEthernet0/2] natpt enable

[SecPathB-GigabitEthernet0/2] quit

# Configure a NAT-PT prefix.

[SecPathB] natpt prefix 3001::

# Configure a NAT-PT address pool.

[SecPathB] natpt address-group 1 9.0.0.10 9.0.0.19

# Associate the prefix with the address pool for IPv6 hosts accessing IPv4 hosts.

[SecPathB] natpt v6bound dynamic prefix 3001:: address-group 1

Configuring SecPath A on the IPv4 side

# Configure a static route to subnet 9.0.0.0/24.

<SecPathA> system-view

[SecPathA] ip route-static 9.0.0.0 24 8.0.0.1

Configuring SecPath C on the IPv6 side

# Enable IPv6.