Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IPv6 to IPv4 translation

I have confige a pair of Ace appliances with configuration provided by Cisco for this function, in that I have a Global IPv6 address x-lating to an IPv4 real server farm.  I'm having no love.  Does this functionality work with a static NAT IPv6 to IPv4?  Also, the firewall in front of the Ace pair sees IPv6 traffic passing, but not reply.  What would be the best capture command to see if the request (https) is actually reaching the Ace?                 

3 REPLIES

Re: IPv6 to IPv4 translation

James,

http://www.cisco.com/en/US/prod/collateral/contnetw/ps5719/ps7027/product_bulletin_c25-687419.html

If you have an ACE30 you can get a 10gig captures on the switch.

If you have an ACE 4710 you need to take it in the switch directly connected to the ACE which faces the Client side

Jorge

Cisco Employee

Re: IPv6 to IPv4 translation

Hi,

if you just want to verify whether the traffic is hitting ACE or not you can try the following :

create a access list with source as client IP address. ( here source is 10.10.10.10 in my example )

ace-4710-1/Admin(config)# access-list captureacl extended permit tcp 10.10.10.10 255.255.255.0 any eq 443

ace-4710-1/Admin# capture capturetest all access-list captureacl

ace-4710-1/Admin# capture capturetest start

Once it is done you can stop it by using

ace-4710-2/Admin# capture capturetest stop

Save the file to disk :

ace-4710-2/Admin# copy capture capturetest disk0: test.pcap

hope that helps.

regards,

Ajay Kumar

Cisco Employee

Re: IPv6 to IPv4 translation

Hi,

I see you are willing to capture ipv6.

You can create ACL using ipv6 :

ace-4710-1/Admin(config)# access-list test extended permit ip

       Specify source IP address

    Specify source IPv6 address

  any           Any source address and mask (Equiv of 0.0.0.0 0.0.0.0)

  anyv6         Any source address and mask (Equiv of 0::0/0)

  host          Configure source host

  object-group  Network object-group for source address

see if that helps. Or else Span is a good option as suggested by Jorge.

regards,

Ajay Kumar

289
Views
0
Helpful
3
Replies