Restrictions for Configuring Stateful Network Address Translation 64
-
Applications without a corresponding application-level gateway (ALG) may not work properly with the Stateful NAT64 translator.
-
IP Multicast is not supported.
-
The translation of IPv4 options, IPv6 routing headers, hop-by-hop extension headers, destination option headers, and source routing headers is not supported.
-
When traffic flows from IPv6 to IPv4, the destination IP address that you have configured must match a stateful prefix to prevent hairpinning loops. However, the source IP address (source address of the IPv6 host) must not match the stateful prefix. If the source IP address matches the stateful prefix, packets are dropped.
Hairpinning allows two endpoints inside Network Address Translation (NAT) to communicate with each other, even when the endpoints use only each other's external IP addresses and ports for communication.
-
Only TCP and UDP Layer 4 protocols are supported for header translation.
-
Routemaps are not supported.
-
If a static mapping host-binding entry exists for an IPv6 host, the IPv4 nodes can initiate communication. In dynamic mapping, IPv4 nodes can initiate communication only if a host-binding entry is created for the IPv6 host through a previously established connection to the same or a different IPv4 host.
Dynamic mapping rules that use Port-Address Translation (PAT), host-binding entries cannot be created because IPv4-initiated communication not possible through PAT.
-
Configuring NAT44 and NAT64 on the same interface is not recommended. Applying such a configuration could potentially impact the functionality of both NAT44 and NAT64. If such a configuration is applied, then you must remove both the configurations and re-apply the desired configuration.
-
Address Only Translation is not supported.
-
Post NAT fragmentation is not supported. If a packet exceeds the maximum transmission unit (MTU) after the translation, the packet will be dropped.
-
NAT64 is not supported with object group-based ACLs.
-
Overlapping address translation within the same VRF is not supported. You can configure only a single NAT64 rule for an IPv6 host within a given VRF. This implies that a given IPv6 host can only access IPv4 services hosted on either of the default or nondefault VRFs, but not both. However, overlapping address translation across different VRFs is supported, and NAT64 supports the translation of IPv6 hosts with overlapping addresses which are associated with different VRFs.
![]() Note |
For Domain Name System (DNS) traffic to work, you must have a separate working installation of DNS64. |