NAT46 IP pools and secondary NAT64 prefixes
Policies that translate between IPv4 and IPv6 can use IPv4 address pools or IPv6 prefixes.
NAT46
For using the ippool in NAT46 policies, first enable the use of ippools and then set the names of the ippool(s).
config firewall policy46
edit 1
set uuid e9c6ca3e-72ea-51e7-554a-1185693d03eb
set srcintf "wan1"
set dstintf "internal7"
set srcaddr "external-net4"
set dstaddr "internal-vip46"
set action accept
set schedule "always"
set service "ALL"
set ippool enable
set poolname "intit-pool6"
end
NAT64
In order to use these options in the NAT64 firewall policies the new settings secondary-prefix
status and secondary-prefix
options have to be configured as in the example below.
config system nat64
set nat64-prefix 2001::/96
set secondary-prefix enable
config secondary-prefix
edit 1
set nat64-prefix 2002::/94
next
edit 2
set nat64-prefix 2003::/95
end
end
The primary prefix must have a length of 96, but the secondary prefixes can be different lengths |