Lijq, Load balancer lb1000-a AFT/NatPT IPv4 translation problem
Problem description:
To let external IPv6 clients reach internal IPv4 services, AFT was configured first on the LB100-A and NATPT afterwards. In both cases IPv6-to-IPv4 translation works and the target device answers with an IPv4 packet, but that packet is not translated back to IPv6. Debug log below:
debugging natpt all
debugging ip pac acl 3088
(240E:410:11:4644:1768:6D40:1246:E7C9 : 10431 - 2408:8634:601:A0::A53:BF03 : 0)
(3.0.0.1 : 10431 - 10.83.191.3 : 0)
*Jun 14 18:17:32:752
Pro : ICMP
TTL : 244
IPv6 packet is translated to IPv4 packet.
(240E:410:11:4644:1768:6D40:1246:E7C9 : 10431 - 2408:8634:601:A0::A53:BF03 : 0)
(3.0.0.1 : 10431 - 10.83.191.3 : 0)
*Jun 14 18:17:32:753
Sending, interface = GigabitEthernet0/3, version = 4, headlen =
pktlen = 84, pktid = 0, offset = 0, ttl = 244, protocol = 1,
checksum = 47697, s = 3.0.0.1, d = 10.83.191.3
prompt: Sending the packet from local
*Jun 14 18:17:32:753
Receiving, interface = GigabitEthernet0/3, version = 4, headlen =
pktlen = 84, pktid = 58807, offset = 0, ttl = 254, protocol = 1,
checksum = 51865, s = 10.83.191.3, d = 3.0.0.1
prompt: Receiving IP packet
*Jun 14 18:17:32:754
Sending, interface = GigabitEthernet0/2, version = 4, headlen =
pktlen = 84, pktid = 58807, offset = 0, ttl = 253, protocol = 1,
checksum = 5
prompt: Sending the packet from GigabitEthernet0/3
Network topology and description:
#
version 5.
#
sysname NEPDI-LB
#
clock timezone CN add 08:00:00
#
undo voice vlan mac-address 00e0-bb00-0000
#
nat address-group 1 222.168.33.170 222.168.33.171 level 1
nat address-group 2 175.19.
nat address-group 3 222.169.191.18 222.169.191.18 level 1
nat address-group 4 address 222.161.22.5 222.161.22.5
nat address-group 5 address 222.168.33.165 222.168.33.165
#
domain default enable system
#
dns resolve
dns proxy enable
dns server 114.114.114.114
dns server 223.5.5.5
dns server
#
ipv6
#
ip ttl-expires enable
ip unreachables enable
#
firewall ipv6 enable
#
ip http acl
natpt address-group 1 3.0.0.1 3.0.0.10
natpt address-group 2 3.0.0.11 3.0.0.
natpt turn-off traffic-class
natpt turn-off tos
natpt prefix 2408:8634:0601:00a0:: interface GigabitEthernet0/3
natpt v6bound dynamic prefix 2408:8634:0601:00a0:: address-group 1 no-pat
#
session aging-time syn 15
session aging-time tcp-est 1800
session aging-time udp-open 15
application aging-time ftp 1800
application aging-time dns 10
application aging-time msn 1800
session synchronization enable
#
password-recovery enable
#
acl number
#
interface GigabitEthernet0/1
port link-mode route
description TO_Telecom
nat outbound 31
nat outbound 3012 address-group 3
nat outbound 3008 address-group 1
nat outbound 3000
nat server protocol tcp global ...
ipv6 address 240E:712:10:9::2/64
ip address ...
qos car inbound any cir 390000 cbs 19375000 ebs 0 green pass red discard
AFT enable
#
interface GigabitEthernet0/2
port link-mode route
description TO_Unicom
nat outbound 3011 address-group 2
nat outbound 3000
nat server protocol tcp global ...
ipv6 address 2408:8634:600:A::3/127
ip address ...
natpt enable
#
interface GigabitEthernet0/3
port link-mode route
description TO_Inside
ipv6 address 2408:8634:1002::1/64
ipv6 address 2408:8634:1002:FF::1/64
ipv6 address 240E:712:10:100::1/64
ipv6 address 240E:712:10:1FF::1/64
ip address 10.83.191.1 255.255.255.240
ospfv3 1 area 0.0.0.0
natpt enable
#
interface GigabitEthernet0/4
port link-mode route
ip address 10.92.255.1 255.255.255.0
#
interface GigabitEthernet0/6
port link-mode route
#
interface GigabitEthernet0/7
port link-mode route
#
interface GigabitEthernet0/8
port link-mode route
#
interface GigabitEthernet0/9
port link-mode route
#
interface GigabitEthernet0/10
port link-mode route
#
interface GigabitEthernet0/11
port link-mode route
#
interface GigabitEthernet0/5
port link-mode bridge
#
interface Tunnel0
#
ospf 1 router-id 10.83.191.1
default-route-advertise always
area 0.0.0.0
network 10.83.191.1 0.0.0.0
#
ospfv3 1
router-id 10.83.191.1
import-route static
area 0.0.0.0
#
vd Root id 1
#
zone name Management id 0
priority 100
import interface GigabitEthernet0/3
import interface GigabitEthernet0/4
zone name Local id 1
priority 100
zone name Trust id 2
priority 85
zone name DMZ id 3
priority 50
zone name Untrust id 4
priority 5
import interface GigabitEthernet0/1
import interface GigabitEthernet0/2
switchto vd Root
zone name Management id 0
ip virtual-reassembly
zone name Local id 1
ip virtual-reassembly
zone name Trust id 2
ip virtual-reassembly
zone name DMZ id 3
ip virtual-reassembly
zone name Untrust id 4
ip virtual-reassembly
interzone source Untrust destination Local
#
ip route-static 0.0.0.0 0.0.0.0 222.168.33.161
ip route-static 10.0.7.0 255.255.255.0 10.92.255.254
ip route-static 10.0.8.0 255.255.248.0 10.92.255.254
ip route-static 10.0.15.0 255.255.255.0 10.92.255.254
ip route-static 10.0.15.87 255.255.255.255 10.92.255.254
ip route-static 10.0.15.91 255.255.255.255 10.92.255.254
ip route-static 10.0.16.0 255.255.254.0 10.92.255.254
ip route-static 10.0.18.18 255.255.255.255 10.92.255.254
ip route-static 10.0.
ipv6 route-static :: 0 2408:8634:600:A::2
ipv6 route-static 2408:8634:601:A1:: 64 2408:8634:601:A0::9
ipv6 route-static 2408:8634:601:AF:: 64 2408:8634:601:A0::7
#
info-center loghost 10.83.80.16
#
snmp-agent
snmp-agent local-engineid 800063A
The device model was written wrong: it is an L1000-A, Comware Software, Version 5.
Is the NATPT/AFT implementation on this device incomplete?
Is there a conflict between the AFT addresses and the interface NAT addresses?
Replied 4 hours ago: I checked every ACL; all of them manually deny the NATPT pool as both destination and source address.
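The debug excerpt in the post shows three things in sequence: the IPv6-to-IPv4 translation (3.0.0.1 -> 10.83.191.3), the IPv4 reply arriving on GigabitEthernet0/3, and that same reply (same pktid 58807, TTL 254 -> 253) leaving GigabitEthernet0/2 with no reverse-translation message in between. The script below is an added triage aid, not code from the post or from H3C/Comware: it parses that exact Comware V5 debug format, correlates each translated flow with its IPv4 reply, and states in one line whether the reply to the NAT-PT pool address was translated back or merely routed. The pool bounds default to the post's own `natpt address-group 1 3.0.0.1 3.0.0.10`; the assumption that a successful reverse translation would log a line containing "translated to IPv6" is mine, and the sample text is the post's log trimmed to the records the parser uses.

```python
import ipaddress
import re

# Sample input: the post's "debugging natpt all" / "debugging ip packet" output,
# trimmed to the translation event and the three packet records. The final
# "Sending" record is truncated in the post itself, so it carries no s=/d= fields.
DEBUG_LOG = """\
IPv6 packet is translated to IPv4 packet.
(240E:410:11:4644:1768:6D40:1246:E7C9 : 10431 - 2408:8634:601:A0::A53:BF03 : 0)
(3.0.0.1 : 10431 - 10.83.191.3 : 0)
*Jun 14 18:17:32:753
Sending, interface = GigabitEthernet0/3, version = 4, headlen =
pktlen = 84, pktid = 0, offset = 0, ttl = 244, protocol = 1,
checksum = 47697, s = 3.0.0.1, d = 10.83.191.3
prompt: Sending the packet from local
*Jun 14 18:17:32:753
Receiving, interface = GigabitEthernet0/3, version = 4, headlen =
pktlen = 84, pktid = 58807, offset = 0, ttl = 254, protocol = 1,
checksum = 51865, s = 10.83.191.3, d = 3.0.0.1
prompt: Receiving IP packet
*Jun 14 18:17:32:754
Sending, interface = GigabitEthernet0/2, version = 4, headlen =
pktlen = 84, pktid = 58807, offset = 0, ttl = 253, protocol = 1,
checksum = 5
prompt: Sending the packet from GigabitEthernet0/3
"""

RECORD_RE = re.compile(r"^(Sending|Receiving), (.*)$")
FIELD_RE = re.compile(r"(\w+) =\s*([^,]*)")          # "key = value" pairs, value may be empty
V4_TUPLE_RE = re.compile(r"^\(([\d.]+) : (\d+) - ([\d.]+) : (\d+)\)$")


def parse_debug(text):
    """Split the debug text into NAT-PT 6->4 translation events and IP packet records."""
    translations, packets = [], []
    lines = [ln.strip() for ln in text.splitlines()]
    i = 0
    while i < len(lines):
        line = lines[i]
        if line.startswith("IPv6 packet is translated to IPv4 packet"):
            # The event is followed by the IPv6 tuple and then the IPv4 tuple.
            v4 = V4_TUPLE_RE.match(lines[i + 2]) if i + 2 < len(lines) else None
            if v4:
                translations.append({"v6": lines[i + 1], "src": v4.group(1), "dst": v4.group(3)})
            i += 3
            continue
        m = RECORD_RE.match(line)
        if m:
            rec = {"idx": len(packets), "kind": m.group(1), "prompt": ""}
            body = [m.group(2)]
            i += 1
            # A record runs until its "prompt:" line, the next timestamp, or the next record.
            while i < len(lines):
                nxt = lines[i]
                if nxt.startswith(("prompt:", "*")) or RECORD_RE.match(nxt):
                    break
                body.append(nxt)
                i += 1
            if i < len(lines) and lines[i].startswith("prompt:"):
                rec["prompt"] = lines[i][len("prompt:"):].strip()
                i += 1
            for key, val in FIELD_RE.findall(", ".join(body)):
                rec[key] = val.strip()
            packets.append(rec)
            continue
        i += 1
    return translations, packets


def in_pool(addr, first, last):
    """True if addr falls inside the inclusive NAT-PT address-group range."""
    a = ipaddress.ip_address(addr)
    return ipaddress.ip_address(first) <= a <= ipaddress.ip_address(last)


def analyze(text, pool_first="3.0.0.1", pool_last="3.0.0.10"):
    """Return findings about what happened to the IPv4 reply for each 6->4 translation.

    Defaults come from the post's 'natpt address-group 1 3.0.0.1 3.0.0.10'.
    Assumption (not shown in the post): a reverse translation logs 'translated to IPv6'.
    """
    translations, packets = parse_debug(text)
    reverse_seen = "translated to IPv6" in text
    findings = []
    for t in translations:
        if not in_pool(t["src"], pool_first, pool_last):
            findings.append(f"translated IPv4 source {t['src']} is outside the NAT-PT pool "
                            f"{pool_first}-{pool_last}")
        replies = [p for p in packets if p["kind"] == "Receiving"
                   and p.get("s") == t["dst"] and p.get("d") == t["src"]]
        if not replies:
            findings.append(f"no IPv4 reply {t['dst']} -> {t['src']} seen; check the inside "
                            f"host and its route back to {t['src']} first")
            continue
        for r in replies:
            # A later "Sending" with the same pktid and a decremented TTL is plain forwarding:
            # the box routed the reply instead of handing it to NAT-PT.
            fwd = [p for p in packets if p["kind"] == "Sending" and p["idx"] > r["idx"]
                   and p.get("pktid") == r.get("pktid")]
            if fwd and not reverse_seen:
                f = fwd[0]
                findings.append(
                    f"reply {r['s']} -> {r['d']} (pktid {r['pktid']}) received on {r['interface']} "
                    f"was forwarded out {f['interface']} (ttl {r['ttl']} -> {f['ttl']}) with no "
                    f"'translated to IPv6' event: pool address {r['d']} is being routed as transit "
                    f"traffic instead of translated back to IPv6")
            elif not reverse_seen:
                findings.append(f"reply {r['s']} -> {r['d']} received but neither translated "
                                f"nor forwarded in this capture")
    return findings


if __name__ == "__main__":
    for finding in analyze(DEBUG_LOG):
        print("-", finding)
```

Run as-is it prints the single finding for the post's log. It confirms where the reply went, not why: the next thing to look at on the box is how the pool address is routed on the IPv4 side (`display ip routing-table 3.0.0.1`) and out of which interface the reply leaves, since a reply that is forwarded as transit traffic never reaches the translator.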