Static NAT-PT for IPv6 Configuration Example
Available Languages
Contents
Introduction
This document describes how to implement Static NAT-PT on Cisco IOS® devices through an example configuration. In this example, IPv6 network nodes communicate with IPv4 network nodes through a static mapping between an IPv6 prefix and an IPv4 address. This static mapping is configured on the Network Address Translation - Protocol Translation (NAT-PT) router.
The NAT-PT feature is an IPv6-to-IPv4 translation mechanism that allows IPv6-only devices to communicate with IPv4-only devices and vice versa. Similarly to traditional IPv4 NAT, NAT-PT allows for static, dynamic, and port address translation (PAT) operations to facilitate direct communication between IPv6-only networks and IPv4-only networks.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
-
Basic knowledge of NAT concepts and operations.
-
Basic knowledge of IPv6 Addressing Scheme
-
Basic knowledge of IPv6 Static Routing
Components Used
The configurations in this document are based on the Cisco 3700 series router on Cisco IOS Software Release 12.4 (15)T 13.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Configure
In this example, three routers (R1, R2, and R3) are connected through serial interfaces. R1 acts as a NAT-PT router, which connects to R2 using an IPv4 address and to R3 using an IPv6 address.
Network Diagram
This example uses the network setup as shown in this diagram:
Configurations
This example uses these configurations:
| R1 Configuration |
|---|
hostname R1 ipv6 unicast-routing ! interface Serial0/0 ip address 192.168.30.10 255.255.255.0 duplex auto speed auto ipv6 nat ! interface Serial0/1 no ip address duplex auto speed auto ipv6 address 2001:DB8:3002::9/64 ipv6 enable |
| R2 Configuration |
|---|
hostname R2 ! interface Serial0/0 ip address 192.168.30.9 255.255.255.0 duplex auto speed auto ! ip route 0.0.0.0 0.0.0.0 192.168.30.10 ! ! end |
| R3 Configuration |
|---|
hostname R3 ipv6 unicast-routing ! interface Loopback0 no ip address ipv6 address 3001:11:0:1::1/64 ! interface Serial0/0 no ip address duplex auto speed auto ipv6 address 2001:DB8:3002::10/64 ! ipv6 route ::/0 2001:DB8:3002::9 ! |
Verify
Use this section to confirm that your configuration works properly.
In Router R3
An ICMP Echo Request packet generated by R3 that is sourced from the IPv6 address of R3's Loopback0 interface (3001:11:0:1::1) should reach the IPv4 address of R2's Serial0/0 interface (192.168.30.9) using the IPv6 address 2000::960B:202. A working example is shown here:
| Ping |
|---|
R3#ping 2000::960b:202 source Loopback0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2000::960B:202, timeout is 2 seconds: Packet sent with a source address of 3001:11:0:1::1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 8/60/124 ms !--- This shows that the router R3 is able to reach |
In Router R2
An ICMP Echo Request packet generated by R2 (which will be automatically sourced from 192.168.30.9, which is the IPv4 address of R2's Serial0/0 interface) should reach the IPv6 address of R3's Loopback0 interface (3001:11:0:1::1) using the IPv4 address 150.11.3.1. A working example is shown here:
| Ping |
|---|
R2#ping 150.11.3.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 150.11.3.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 24/68/120 ms !--- The successful ping response shows that the router R2 |
In Router R1
On R1, active NAT-PT translations between R2 and R3 can be observed through the output of the show ipv6 nat translations command.
| show ipv6 nat translations |
|---|
R1#show ipv6 nat translations
Prot IPv4 source IPv6 source
IPv4 destination IPv6 destination
--- --- ---
192.168.30.9 2000::960B:202
--- 150.11.3.1 3001:11:0:1::1
--- ---
R1#show ipv6 nat translations
Prot IPv4 source IPv6 source
IPv4 destination IPv6 destination
--- --- ---
192.168.30.9 2000::960B:202
--- 150.11.3.1 3001:11:0:1::1
--- ---
!--- This command displays the active NAT-PT translations in the router.
|
Activating detailed IPv6 NAT debugs with the debug ipv6 nat detailed command while an ICMP ping between R2 and R3 shows that R1 translates traffic as expected.
| debug ipv6 nat detailed |
|---|
R1#debug ipv6 nat detailed
R1#
*Mar 1 09:12:41.877: IPv6 NAT: Found prefix 2000::/96
*Mar 1 09:12:41.881: IPv6 NAT: IPv4->IPv6:
src (192.168.30.9 -> 2000::960B:202)
dst (0.0.0.0 -> ::)
ref_count = 1, usecount = 0, flags = 513,
rt_flags = 0, more_flags = 0
*Mar 1 09:12:41.881: IPv6 NAT: IPv4->IPv6:
src (0.0.0.0 -> ::)
dst (150.11.3.1 -> 3001:11:0:1::1)
ref_count = 1, usecount = 0, flags = 257,
rt_flags = 0, more_flags = 0
*Mar 1 09:12:41.925: IPv6 NAT: IPv6->IPv4:
src (3001:11:0:1::1 -> 150.11.3.1)
dst (2000::960B:202 -> 192.168.30.9)
ref_count = 1, usecount = 0, flags = 2,
rt_flags = 0, more_flags = 0
*Mar 1 09:12:41.925: IPv6 NAT: icmp src (3001:11:0:1::1) -> (150.11.3.1),
dst (2000::960B:202) -> (192.168.30.9)
*Mar 1 09:12:41.965: IPv6 NAT: Found prefix 2000::/96
*Mar 1 09:12:41.965: IPv6 NAT: IPv4->IPv6:
src (192.168.30.9 -> 2000::960B:202)
dst (150.11.3.1 -> 3001:11:0:1::1)
ref_count = 1, usecount = 0, flags = 2,
rt_flags = 0,
!--- This command displays detailed information about NAT-PT events.
|
Troubleshoot
There is currently no specific troubleshooting information available for this configuration.
Related Information
FeedbackContact Cisco
- Open a Support Case
- (Requires a Cisco Service Contract)