03-09-2011 06:46 PM - edited 03-01-2019 05:26 PM
hi all - have an IPv6 network that is connected to our IPv4 subnet w/ a 2611 router. am attempting to set up a simple static NAT-PT between and IPv6 host (fdf2:a:b:c:1:1:1:20) and an IPv4 host (10.6.196.12).
NAT-PT between the nets so the IPv6 hosts can talk to the IPv4 subnet and internet. here's the config i have so far on my router:
version 12.3
service timestatmps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco-2611-02
!
boot-start-marker
boot system flash c2600-j1s3-mz.123-26.bin
boot-end-marker
!
enable password <>
!
no aaa new-model
ip subnet-zero
!
ipv6 unicast-routing
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
ipv6 address FDF2:A:B:C::3/64
ipv6 enable
ipv6 nat
!
interface FastEthernet0/1
ip address 10.6.196.20 255.255.255.0
duplex auto
speed auto
ipv6 nat
!
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 10.6.196.1
!
ipv6 nat v4v6 source 10.6.196.12 2000::a06:c40c
ipv6 nat v6v4 source FDF2:A:B:C:1:1:1:20 10.6.196.250
ipv6 nat prefix 2000::/96
!
using packet debugging on the router i can see the packets arriving at the fa0/0 interface but nothing ever arrives at the 10.6.196.12 host. what am i missing?
also, how would i need to change this if i wanted to do PAT/NAT-PT? i have more hosts and want all the IPv6 hosts to be able to access the v4 net and the internet. i started with doing a simple one to one static NAT just to see if i could get that working but i cant.
thx-
M
03-10-2011 10:15 AM
Hi,
Can you enable "debug ipv6 nat detail" and see what you get?
Your configuration appears to be correct. I ran a quick test with it and it seemed to work just fine for me with 12.4(25b). Since NAT-PT PAT is not supported until 12.3T/12.4 mainline, I would suggest you try this with a more recent IOS version and see if that'd make any difference. In order to do NAT-PT PAT, you'd need something like the following:
ipv6 nat v6v4 source list LAN pool OUTSIDE
ipv6 nat v6v4 pool OUTSIDE 10.6.196.x 10.6.196.y prefix-length 24
ipv6 nat prefix 2000::/96 v4-mapped LAN
!
ipv6 access-list LAN
permit ipv6 any any
You may also be interested in some of the earlier discussions on the usefulness of NAT-PT in general:
https://supportforums.cisco.com/message/3306447#3306447
03-27-2011 11:19 AM
Did you disable CEF? NAT-PT does not work with CEF switching.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide