1、网络拓扑图
链接:https://pan.baidu.com/s/1l3kZc7eYFVhGQ9V8Z1zI2A
提取码:8888
eNSP
链接:https://pan.baidu.com/s/1wP0vHim4yqVV0bc0wmzhFw
提取码:8888
2、网络需求
在防火墙上配置NAT64实现IPv4和IPv6通信。
3、配置
配置NAT64的IPv6前缀:
[FW] nat64 prefix 3001:: 96
3.1、FW1的配置
display current-configuration
22:23:39 2020/11/14
stp region-configuration
region-name e81582044529
active region-configuration
interface GigabitEthernet0/0/0
alias GE0/MGMT
ip address 192.168.1.1 255.255.255.0
interface GigabitEthernet0/0/1
interface GigabitEthernet0/0/2
interface GigabitEthernet0/0/3
interface GigabitEthernet0/0/4
interface GigabitEthernet0/0/5
interface GigabitEthernet0/0/6
interface GigabitEthernet0/0/7
interface GigabitEthernet0/0/8
interface NULL0
alias NULL0
firewall zone local
set priority 100
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
firewall zone untrust
set priority 5
add interface GigabitEthernet0/0/1
firewall zone dmz
set priority 50
aaa
local-user admin password cipher % % Yj1S%LcW/3rE@GLXW;b!/+"v% %
local-user admin service-type web terminal telnet
local-user admin level 15
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
nqa-jitter tag-version 1
banner enable
user-interface con 0
authentication-mode none
user-interface vty 0 4
authentication-mode none
protocol inbound all
slb
right-manager server-group
sysname FW1
l2tp domain suffix-separator @
firewall packet-filter default permit interzone local trust direction inbound
firewall packet-filter default permit interzone local trust direction outbound
firewall packet-filter default permit interzone local untrust direction outboun
d
firewall packet-filter default permit interzone local dmz direction outbound
ip df-unreachables enable
ipv6
firewall ipv6 session link-state check
firewall ipv6 statistic system enable
dns resolve
firewall statistic system enable
pki ocsp response cache refresh interval 0
pki ocsp response cache number 0
undo dns proxy
license-server domain lic.huawei.com
nat64 address-group 1 172.16.0.0 172.16.0.254
nat64 prefix 3001:: 96
web-manager enable
policy ipv6 interzone trust untrust inbound
policy 10
action permit
policy source 2001:: 64
nat64-policy interzone trust untrust inbound
policy 10
action nat64
address-group 1
return