NAT-PT configuration help

Unanswered Question
May 26th, 2009
User Badges:
  • Purple, 4500 points or more

All,


I'm playing with IPv6 and NAT-PT. I can't get it to work at all. I'm trying to translate from v4 to v6. If I address a loopback interface on the v4 router and ping a v6 address sourcing from the loopback, it works fine. If I ping from a host that's connected to the switch, it doesn't work. What I have is:


Host(192.168.2.15)-><f0/1(192.168.2.1)>RouterA<f0/0(2001:3cad:2:3/64) --> <g0/0(2001:3cad:2:1/64)RouterB


On RouterA, I've got:


int fa0/0:

ipv6 address autoconfig

ipv6 nat


int fa0/1:

ip address 192.168.2.1 255.255.255.0

ipv6 nat


ipv6 nat v4v6 192.168.2.15 2001:3cad:2::15

ipv6 nat prefix 2001:3cad:2::/96



I can't ping from the 192.168.2.15 host. Two things I've noticed from looking at other configs:


1.) There always seems to be a v6v4 config as well. (Do I really need this to get it to work?)


2.) The networks that are translated don't always match what their destination networks will be. (192.168.5.15 translated to 192.168.6.16 toward a 192.168.7.0/24 subnet) <-- I know....makes no sense. :)


Thanks,

John

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Loading.
Laurent Aubert Tue, 05/26/2009 - 17:31
User Badges:
  • Cisco Employee,

Hi John,


You need a v6v4 entry otherwise:


- Router A doesn't know which IPv4 address to use as the source address when it receives the Echo reply. It only knows how to translate the destination address


- it will tell you which IPv4 address to ping from your host


ipv6 nat v6v4 2001:3cad:2:1 192.168.2.254 (any available IP address in this subnet)


HTH


Laurent.

John Blakley Wed, 05/27/2009 - 07:32
User Badges:
  • Purple, 4500 points or more

Laurent,


Thanks for the reply. I still can't get it to work, but I think it's because of the other router.


RouterB has one interface using v6 addressing: 2001:3cad:2::1.


On RouterA (NAT-PT) I have one interface using v6 and one using v4. I have a laptop with only v4 addressing.


RouterA has something like:


ipv6 nat v4v6 192.168.2.15 2001:3cad:2::29

ipv6 nat v6v4 2001:3cad:2::1 192.168.2.254


I still can't ping anything, but I can see the translations happening with debug. I've got a default ipv6 route on RouterB like ::0/0 RouterA's v6 address, but that's not working either. I can't ping the 192.168.2.254 from RouterB either.


How would I be able to add a router to a v4 subnet on a v6 router? I tried 192.168.2.0 255.255.255.0 g1/0, but that didn't work either. (G1/0 is v6 addressed interface.)


Thanks!

John

Laurent Aubert Wed, 05/27/2009 - 07:58
User Badges:
  • Cisco Employee,

Could you try with a /96 prefix which does not overlap with your current /64 prefix.


Keep your default v6 route on router B


You can also activate deb ipv6 icmp and debug ipv6 packets on router B during the test in addition of checking NAT really occurs on router A.


HTH


Laurent.

John Blakley Wed, 05/27/2009 - 08:08
User Badges:
  • Purple, 4500 points or more

Laurent,


Thanks for the replies :) I made the changes, but still no luck. Although, I now see that it's definitely getting to the other router and being translated outbound correctly:


*May 27 15:51:47.962: ICMPv6: Received echo request from 2001:3CAD:1A00:2::29

*May 27 15:51:47.962: ICMPv6: Sending echo reply to 2001:3CAD:1A00:2::29

*May 27 15:51:52.958: ICMPv6: Received ICMPv6 packet from FE80::207:EFF:FE63:8C29, type 135


Bolded is the local-link address for RouterA's v6 addressed interface. Bold and Italicized is the natted address of my host (192.168.2.15). The return traffic is configured on RouterA like:


ipv6 v6v4 source 2001:3CAD:1A00:2::1 192.168.2.254


The interface on RouterB is addressed as 2001:3CAD:1A00:2::1.


My question is how will my return traffic reach my .2.15 host if the return traffic is natted back to the .2.254 address?


Here's the default route on RouterB:


S ::/0 [1/0]

via 2001:3CAD:1A00:2::23



Thanks!


Actions

This Discussion