05-26-2009 01:29 PM - edited 03-04-2019 04:53 AM
All,
I'm playing with IPv6 and NAT-PT. I can't get it to work at all. I'm trying to translate from v4 to v6. If I address a loopback interface on the v4 router and ping a v6 address sourcing from the loopback, it works fine. If I ping from a host that's connected to the switch, it doesn't work. What I have is:
Host(192.168.2.15)-><f0/1(192.168.2.1)>RouterA<f0/0(2001:3cad:2:3/64) --> <g0/0(2001:3cad:2:1/64)RouterB
On RouterA, I've got:
int fa0/0:
ipv6 address autoconfig
ipv6 nat
int fa0/1:
ip address 192.168.2.1 255.255.255.0
ipv6 nat
ipv6 nat v4v6 192.168.2.15 2001:3cad:2::15
ipv6 nat prefix 2001:3cad:2::/96
I can't ping from the 192.168.2.15 host. Two things I've noticed from looking at other configs:
1.) There always seems to be a v6v4 config as well. (Do I really need this to get it to work?)
2.) The networks that are translated don't always match what their destination networks will be. (192.168.5.15 translated to 192.168.6.16 toward a 192.168.7.0/24 subnet) <-- I know....makes no sense. :)
Thanks,
John
05-26-2009 05:31 PM
Hi John,
You need a v6v4 entry otherwise:
- Router A doesn't know which IPv4 address to use as the source address when it receives the Echo reply. It only knows how to translate the destination address
- it will tell you which IPv4 address to ping from your host
ipv6 nat v6v4 2001:3cad:2:1 192.168.2.254 (any available IP address in this subnet)
HTH
Laurent.
05-27-2009 07:32 AM
Laurent,
Thanks for the reply. I still can't get it to work, but I think it's because of the other router.
RouterB has one interface using v6 addressing: 2001:3cad:2::1.
On RouterA (NAT-PT) I have one interface using v6 and one using v4. I have a laptop with only v4 addressing.
RouterA has something like:
ipv6 nat v4v6 192.168.2.15 2001:3cad:2::29
ipv6 nat v6v4 2001:3cad:2::1 192.168.2.254
I still can't ping anything, but I can see the translations happening with debug. I've got a default ipv6 route on RouterB like ::0/0 RouterA's v6 address, but that's not working either. I can't ping the 192.168.2.254 from RouterB either.
How would I be able to add a router to a v4 subnet on a v6 router? I tried 192.168.2.0 255.255.255.0 g1/0, but that didn't work either. (G1/0 is v6 addressed interface.)
Thanks!
John
05-27-2009 07:58 AM
Could you try with a /96 prefix which does not overlap with your current /64 prefix.
Keep your default v6 route on router B
You can also activate deb ipv6 icmp and debug ipv6 packets on router B during the test in addition of checking NAT really occurs on router A.
HTH
Laurent.
05-27-2009 08:08 AM
Laurent,
Thanks for the replies :) I made the changes, but still no luck. Although, I now see that it's definitely getting to the other router and being translated outbound correctly:
*May 27 15:51:47.962: ICMPv6: Received echo request from 2001:3CAD:1A00:2::29
*May 27 15:51:47.962: ICMPv6: Sending echo reply to 2001:3CAD:1A00:2::29
*May 27 15:51:52.958: ICMPv6: Received ICMPv6 packet from FE80::207:EFF:FE63:8C29, type 135
Bolded is the local-link address for RouterA's v6 addressed interface. Bold and Italicized is the natted address of my host (192.168.2.15). The return traffic is configured on RouterA like:
ipv6 v6v4 source 2001:3CAD:1A00:2::1 192.168.2.254
The interface on RouterB is addressed as 2001:3CAD:1A00:2::1.
My question is how will my return traffic reach my .2.15 host if the return traffic is natted back to the .2.254 address?
Here's the default route on RouterB:
S ::/0 [1/0]
via 2001:3CAD:1A00:2::23
Thanks!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide