Configuring NAT66 on ScreenOS

I recently had to deploy redeploy an old NetScreen 5GT to segregate a production LAN and create a small lab network. The production LAN has a routable IPv6 /64 prefix, delivered via a Hurricane Electric IPv6 tunnel. The lab network also required IPv6 connectivity. We also recently obtained a /48 prefix from Hurricane Electric, so I could have just assigned a /64 from that to the lab network and routed it via the 5GT. However, this 5GT gets moved around to various different networks, including trade show networks. As such, the untrust interface of the 5GT needed to be auto-configuring, so that it would obtain an IPv6 prefix from router advertisements on whichever LAN it was connected to. This also meant that assigning a /64 from our Hurricane Electric /48 prefix was out of the question.

The first step is to enable IPv6 support on your device, if it isn’t already:

set envar ipv6=yes
reset save-config yes

After restarting your device, you should find that IPv6 configuration options are available, and the web UI will also have additional pages and config options. Continue reading “Configuring NAT66 on ScreenOS”