1.实验拓扑
2.配置
[FW1]dis cu
2025-05-29 10:44:44.030
!Software Version V500R005C10SPC300
#
sysname FW1
#
ipv6
#
nat64 prefix 3001:: 96
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 1.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/1
undo shutdown
ipv6 enable
ipv6 address 2001::1/64
nat64 enable
#
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
add interface GigabitEthernet1/0/0
#
firewall zone untrust
set priority 5
add interface GigabitEthernet1/0/1
#
nat address-group 1 0
mode pat
section 0 1.1.1.6 1.1.1.10
#
security-policy
rule name untrust->trust
source-zone untrust
destination-zone trust
source-address 2001:: 64
action permit
#
nat-policy
rule name nat64
source-zone untrust
destination-zone trust
source-address 2001:: 64
nat-type nat64
action source-nat address-group 1
#3.重点配置
[FW1]int g1/0/1
[FW1-GigabitEthernet1/0/1]ipv6 enable
[FW1-GigabitEthernet1/0/1]ipv6 add 2001::1 64
[FW1-GigabitEthernet1/0/1]nat64 enable
[FW1]nat64 prefix 3001:: 96
[FW1-policy-security]di th
2025-05-29 10:54:31.080
#
security-policy
rule name untrust->trust
source-zone untrust
destination-zone trust
source-address 2001:: 64
action permit[FW1]nat address-group 1
[FW1-address-group-1]mode pat
[FW1-address-group-1]section 1.1.1.6 1.1.1.10[FW1-policy-nat]di th
2025-05-29 10:55:32.270
#
nat-policy
rule name nat64
source-zone untrust
destination-zone trust
source-address 2001:: 64
nat-type nat64
action source-nat address-group 1
4.实验验证
5.重点
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
