Troubleshooting aft, Symptom 1, Solution – H3C Technologies H3C SecPath F1000-E User Manual
Page 89: Symptom 2
77
Source IP/Port : 0006::0002/32768
Dest IP/Port : 2000:0:0404:0402::/44012
VPN-Instance/VLAN ID/VLL ID:
Responder:
Source IP/Port : 4.4.4.2/0
Dest IP/Port : 6.6.6.10/12299
VPN-Instance/VLAN ID/VLL ID:
Pro: ICMPv6(58) App: unknown State: ICMP-CLOSED
Start time: 2010-12-21 17:00:06 TTL: 23s
Root Zone(in): Management
Zone(out): Management
Received packet(s)(Init): 5 packet(s) 520 byte(s)
Received packet(s)(Reply): 5 packet(s) 420 byte(s)
Total find: 2
Troubleshooting AFT
Symptom 1
When an IPv6 host with a non-IVI address initiates communication with an IPv4 host, AFT fails to perform
address translation.
Solution
1.
Enable debugging for AFT and locate the causes based on the debugging information.
2.
Check whether the translation of the source address is successful based on the debugging
information. If not, the address pool might run out of IP addresses.
3.
You can configure a larger address pool or use IP address + port number translation to save the IP
addresses in the address pool.
Symptom 2
When an IPv6 host with an IVI address initiates communication with an IPv4 host, AFT fails to perform
address translation.
Solution
Check whether the IVI address complies with the IVI address format. If not, change the address of the IPv6
host or configure a 6to4 AFT policy.
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS