Limitations and Precautions for NAT64

Hardware Requirements

The NAT64 function is supported by all models.

License Requirements

The NAT64 function is not license-controlled.

Restrictions

If you need to enable 3-tuple NAT64, use the HASH-based CPU selection mode that is oriented to the source IP address. For configurations on the HASH-based CPU selection mode, see Hash-based CPU Selection.
After you configure NAT64, IPv6 packets are translated into IPv4 packets. The post-NAT IPv4 packets support the NAT Server function but not other NAT functions.
NAT64 cannot translate host IP addresses in the HTTP packets for accessing non-well-known ports. Therefore, the HTTP service using non-well-known ports is unavailable.
NAT64 cannot be performed for a packet with the source IP address as a multicast address (FF00::/8), loopback address (0::1), undefined addresses (0::0), link-local address (FE80::/10), or site-local addresses (FEC0::/64).

Precautions

When configuring the NAT64 function, you only need to configure IPv6 addresses as matching security policies or NAT policies. You do not need to specify IPv4 addresses. If only IPv4 addresses are configured for a policy, services are interrupted. The details are as follows:

Service type	Security policy	NAT policy
IPv6-to-IPv4 (dynamic mapping)	Set the source IP address to the IPv6 address of the user who initiates the access, and do not set the destination IP address.	Set the source IP address to the IPv6 address of the user who initiates the access, and do not set the destination IP address.
IPv6-to-IPv4 (static mapping)	Set the source IP address to the IPv6 address of the user who initiates the access, and do not set the destination IP address.	N/A
IPv4-to-IPv6 (static mapping)	Set the destination address to the IPv6 address of the IPv6 server to be accessed. The source IP address does not need to be configured.	N/A