（NAT64）IPv6网络用户访问IPv4网络服务器(动态映射方式)

1.实验拓扑

2.配置

[FW1]dis cu
2025-05-29 10:44:44.030 
!Software Version V500R005C10SPC300
#
sysname FW1
#
ipv6
#nat64 prefix 3001:: 96
#
interface GigabitEthernet1/0/0undo shutdownip address 1.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/1undo shutdownipv6 enableipv6 address 2001::1/64nat64 enable
#
firewall zone trustset priority 85add interface GigabitEthernet0/0/0add interface GigabitEthernet1/0/0
#
firewall zone untrustset priority 5add interface GigabitEthernet1/0/1
#
nat address-group 1 0mode patsection 0 1.1.1.6 1.1.1.10
#
security-policyrule name untrust->trustsource-zone untrustdestination-zone trustsource-address 2001:: 64action permit
#
nat-policyrule name nat64source-zone untrustdestination-zone trustsource-address 2001:: 64nat-type nat64action source-nat address-group 1
#

3.重点配置

[FW1]int g1/0/1

[FW1-GigabitEthernet1/0/1]ipv6  enable 

[FW1-GigabitEthernet1/0/1]ipv6  add 2001::1 64

[FW1-GigabitEthernet1/0/1]nat64 enable 

[FW1]nat64 prefix  3001:: 96

[FW1-policy-security]di th
2025-05-29 10:54:31.080 
#
security-policy
 rule name untrust->trust
  source-zone untrust
  destination-zone trust
  source-address 2001:: 64
  action permit

[FW1]nat address-group  1
[FW1-address-group-1]mode  pat 
[FW1-address-group-1]section  1.1.1.6 1.1.1.10

[FW1-policy-nat]di th
2025-05-29 10:55:32.270 
#
nat-policy
 rule name nat64
  source-zone untrust
  destination-zone trust
  source-address 2001:: 64
  nat-type nat64
  action source-nat address-group 1

4.实验验证

5.重点