Login
- Table of Contents
-
- 03-Policies
- 01-Security policy
- 02-Attack defense
- 03-Connection limit
- 04-uRPF
- 05-NAT
- 06-AFT
- 07-Application audit
- 08-Bandwidth management
- 09-Load balancing common configuration
- 10-Server load balancing
- 11-Outbound link load balancing
- 12-Inbound link load balancing
- 13-Transparent DNS proxy
- 14-Application proxy
- 15-NetShare control
- 16-Security policy hit analysis
- 17-Security policy redundancy analysis
- 18-Global load balancing
- 19-IP reputation
- 20-NAT66
- 21-Server connection detection
- 22-Security policy optimization
- 23-Server load balancing
- 24-Load balancing common configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 20-NAT66 | 121.08 KB |
This help contains the following topics:
¡ Restrictions and guidelines: NAT66 prefix translation
¡ Configure NAT66 prefix translation
Introduction
IPv6-to-IPv6 Network Address Translation (NAT66) translates an IPv6 address in the IPv6 header to another IPv6 address. NAT66 is configured on edge devices of IPv6 networks to allow private users to access external networks and external users to access private network resources such as a Web server.
NAT66 prefix translation
NAT66 prefix translation, also known as IPv6-to-IPv6 Network Prefix Translation (NPTv6), replaces the IPv6 prefix in an IPv6 address of the packet header with another IPv6 prefix. NAT66 prefix translation supports the following translation methods:
· Source address translation—Translates prefixes in source IPv6 addresses when users in the internal network access the external network.
· Destination address translation—Translates prefixes in destination IPv6 addresses when users in the external network access servers in the internal network.
NAT66 prefix translation uses the IPv6 prefix as the packet match criterion.
Restrictions and guidelines
Restrictions and guidelines: NAT66 prefix translation
· Source prefix translation rules on different interfaces do not support mapping different internal prefixes to the same external prefix.
· Destination prefix translation rules on different interfaces do not support mapping the same external prefix to different internal prefixes.
· Each source or destination prefix translation rule on one interface must be unique.
Configure NAT66
NAT66 can be performed in the inbound or outbound direction.
· Inbound NAT—Performs address translation for packets received on an interface, as shown in Figure 1.
· Outbound NAT—Performs address translation for packets to be sent out of an interface, as shown in Figure 2.
Configure NAT66 prefix translation
1. Click the Policies tab.
2. In the navigation pane, select NAT66 > NAT66 Prefix Translation.
3. Click Create.
4. Configure a NAT66 prefix translation rule as shown in Table 1.
Table 1 Configuration items for NAT66 prefix translation
|
Item |
Description |
||
|
Interface |
Interface to which the NAT66 prefix translation rule is applied. |
||
|
Translation method |
Select one of the following translation methods: · Source address translation—Translates the source IP address of packets to be sent out of the interface. · Destination address translation—Translates the destination IP address of packets received on the interface. |
||
|
PAT |
Enable the source port translation for matching packets. The option is available only when the translation method is source address translation. |
||
|
Protocol type |
Specify a protocol type. If you do not specify this option, translation is performed on packets of all protocols. The option is available only when the translation method is destination address translation. |
||
|
IPv6 prefix/prefix length before NAT |
IPv6 prefix and prefix length for packet match. · For source address translation, the IPv6 address prefix and prefix length are used to identify the matching source IPv6 address in the packet header. · For destination address translation, the IPv6 address prefix and prefix length are used to identify the matching destination IPv6 address in the packet header. |
||
|
Port before NAT |
Specify a port number used to match the source port in the packet header. The option is available only when the protocol type is 6 (TCP) or 17 (UDP). |
||
|
IPv6 prefix/prefix length after NAT |
IPv6 prefix and prefix length used to replace the prefix in the source or destination IPv6 address of the matching packets.
|
||
|
Port after NAT |
Specify a port number used to replace the source port number of matching packets. The option is available only when the protocol type is 6 (TCP) or 17 (UDP). |
5. Click OK.
