Troubleshooting nat-pt, Symptom, Solution – H3C Technologies H3C SecPath F1000-E User Manual

44

Initiator:

Source IP/Port : 2001::0002/32768

Dest IP/Port : 3001::0005/43986

VPN-Instance/VLAN ID/VLL ID:

Responder:

Source IP/Port : 8.0.0.2/0

Dest IP/Port : 9.0.0.5/43986

VPN-Instance/VLAN ID/VLL ID:

Pro: ICMPv6(58) App: unknown State: ICMP-CLOSED

Start time: 2011-07-20 19:09:48 TTL: 25s

Root Zone(in):

Zone(out):

Received packet(s)(Init): 5 packet(s) 520 byte(s)

Received packet(s)(Reply): 5 packet(s) 420 byte(s)

Troubleshooting NAT-PT

Symptom

NAT-PT fails when a session is initiated on the IPv6 side.

Solution

•

Enable debugging for NAT-PT and locate the fault according to the debugging information of the
firewall.

•

During debugging, check whether the source address of a packet is translated successfully. If not,
it is possible that the address pool has no sufficient IP addresses.

•

You can configure a larger address pool, or use NAPT-PT to perform NAT-PT.