ipv6做了aft转换成ipv4出去上网,
但是部分app打不开,微信QQ无法收文件和图片
请问是什么原因呢
mtu和tcp mss都改了
vlan 1
#
vlan 1001
object-group ip address 192.168.20.2
0 network host address 192.168.20.1
#
object-group ip address waiwang
0 network subnet 0.0.0.0 0.0.0.0
#
object-group ipv6 address 2012::192.168.20.2
0 network host address 2012::C0A8:1402
#
object-group ipv6 address 2013::
0 network subnet 2013::/96
#
interface Vlan-interface1
ip address 192.168.1.27 255.255.255.0
tcp mss 1024
ipv6 mtu 1400
aft enable
ipv6 address 2013::1/96
#
interface Vlan-interface1001
ip address 10.10.2.2 255.255.255.0
#
interface GigabitEthernet1/0/17
port link-mode route
description 互联路由器
ip address 192.168.20.2 255.255.255.0
aft enable
interface GigabitEthernet1/0/15
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 1001
#
security-zone name Local
#
security-zone name Trust
import interface Vlan-interface1
import interface Vlan-interface1001
import interface GigabitEthernet1/0/13 vlan 1
import interface GigabitEthernet1/0/15 vlan 1 1001
#
security-zone name DMZ
#
security-zone name Untrust
import interface GigabitEthernet1/0/17
#
ip route-static 0.0.0.0 0 192.168.20.1
ip route-static 10.10.1.0 24 10.10.2.1
acl advanced 3100
rule 0 permit ip
#
acl ipv6 advanced 3100
rule 0 permit ipv6 source 2013::/96
rule 5 deny ipv6
#
aft address-group 0
address 192.168.20.2 192.168.20.2
#
aft prefix-nat64 2012:: 96
aft v6tov4 source acl ipv6 number 3100 address-group 0
#
security-policy ip
rule 3 name aftlocalout
action pass
source-zone local
destination-zone untrust
source-ip 192.168.20.2
destination-ip waiwang
#
security-policy ipv6
rule 0 name aftlocalin
action pass
source-zone trust
destination-zone local
source-ip 2013::
destination-ip 2012::192.168.20.2
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
抄袭了我的内容
×
原文链接或出处
诽谤我
×
对根叔社区有害的内容
×
不规范转载
×
举报说明
暂无评论