NAT-PT configuration help

Unanswered Question
May 26th, 2009

All,

I'm playing with IPv6 and NAT-PT. I can't get it to work at all. I'm trying to translate from v4 to v6. If I address a loopback interface on the v4 router and ping a v6 address sourcing from the loopback, it works fine. If I ping from a host that's connected to the switch, it doesn't work. What I have is:

Host(192.168.2.15)-><f0/1(192.168.2.1)>RouterA<f0/0(2001:3cad:2:3/64) --> <g0/0(2001:3cad:2:1/64)RouterB

On RouterA, I've got:

int fa0/0:

ipv6 address autoconfig

ipv6 nat

int fa0/1:

ip address 192.168.2.1 255.255.255.0

ipv6 nat

ipv6 nat v4v6 192.168.2.15 2001:3cad:2::15

ipv6 nat prefix 2001:3cad:2::/96

I can't ping from the 192.168.2.15 host. Two things I've noticed from looking at other configs:

1.) There always seems to be a v6v4 config as well. (Do I really need this to get it to work?)

2.) The networks that are translated don't always match what their destination networks will be. (192.168.5.15 translated to 192.168.6.16 toward a 192.168.7.0/24 subnet) <-- I know....makes no sense. :)

Thanks,

John

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Loading.
Laurent Aubert Tue, 05/26/2009 - 17:31

Hi John,

You need a v6v4 entry otherwise:

- Router A doesn't know which IPv4 address to use as the source address when it receives the Echo reply. It only knows how to translate the destination address

- it will tell you which IPv4 address to ping from your host

ipv6 nat v6v4 2001:3cad:2:1 192.168.2.254 (any available IP address in this subnet)

HTH

Laurent.

John Blakley Wed, 05/27/2009 - 07:32

Laurent,

Thanks for the reply. I still can't get it to work, but I think it's because of the other router.

RouterB has one interface using v6 addressing: 2001:3cad:2::1.

On RouterA (NAT-PT) I have one interface using v6 and one using v4. I have a laptop with only v4 addressing.

RouterA has something like:

ipv6 nat v4v6 192.168.2.15 2001:3cad:2::29

ipv6 nat v6v4 2001:3cad:2::1 192.168.2.254

I still can't ping anything, but I can see the translations happening with debug. I've got a default ipv6 route on RouterB like ::0/0 RouterA's v6 address, but that's not working either. I can't ping the 192.168.2.254 from RouterB either.

How would I be able to add a router to a v4 subnet on a v6 router? I tried 192.168.2.0 255.255.255.0 g1/0, but that didn't work either. (G1/0 is v6 addressed interface.)

Thanks!

John

Laurent Aubert Wed, 05/27/2009 - 07:58

Could you try with a /96 prefix which does not overlap with your current /64 prefix.

Keep your default v6 route on router B

You can also activate deb ipv6 icmp and debug ipv6 packets on router B during the test in addition of checking NAT really occurs on router A.

HTH

Laurent.

John Blakley Wed, 05/27/2009 - 08:08

Laurent,

Thanks for the replies :) I made the changes, but still no luck. Although, I now see that it's definitely getting to the other router and being translated outbound correctly:

*May 27 15:51:47.962: ICMPv6: Received echo request from 2001:3CAD:1A00:2::29

*May 27 15:51:47.962: ICMPv6: Sending echo reply to 2001:3CAD:1A00:2::29

*May 27 15:51:52.958: ICMPv6: Received ICMPv6 packet from FE80::207:EFF:FE63:8C29, type 135

Bolded is the local-link address for RouterA's v6 addressed interface. Bold and Italicized is the natted address of my host (192.168.2.15). The return traffic is configured on RouterA like:

ipv6 v6v4 source 2001:3CAD:1A00:2::1 192.168.2.254

The interface on RouterB is addressed as 2001:3CAD:1A00:2::1.

My question is how will my return traffic reach my .2.15 host if the return traffic is natted back to the .2.254 address?

Here's the default route on RouterB:

S ::/0 [1/0]

via 2001:3CAD:1A00:2::23

Thanks!

Actions

This Discussion