I am attempting to configure stateful NAT64 to allow IPv6 only hosts to connect back to IPv4 only hosts. No requirements to allow IPv4 to connect to IPv6 only. Only v6 -> v4 is required.
The configuration I'm about to show works if I'm not using the well known prefix (64:FF9B::/96), however, my goal is to use the well known prefix. I'm following the documentation here:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/xe-3s/nat-xe-3s-book/iadnat-stateful-nat64.html
NAT64 Router Configuration
!
interface Loopback0
ip address 10.10.10.10 255.255.255.255
!
interface GigabitEthernet0/0/0
ip address 192.168.0.64 255.255.255.0
nat64 enable
!
interface GigabitEthernet0/0/1
ipv6 address 2001:DB8:100::64/64
ipv6 enable
nat64 enable
!
ipv6 access-list PERMITTED_NAT64
permit ipv6 2001:DB8:100::/48 any
!
nat64 prefix stateful 2001:DB8:1::/96
nat64 v4 pool NAT64_ADDRESS_POOL 100.64.0.0 100.64.255.255
nat64 v6v4 list PERMITTED_NAT64 pool NAT64_ADDRESS_POOL
!
Test Router is able to ping to loopback of the NAT64 router using the v4 address embedded in the v6 address:
Router# ping 2001:DB8:1::a0a:0a0a
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:1::A0A:A0A, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Router#
NAT64 Router shows the translations:
nat64# show nat64 translations
Proto Original IPv4 Translated IPv4
Translated IPv6 Original IPv6
----------------------------------------------------------------------------
--- --- ---
100.64.0.1 2001:DB8:100::1
icmp 10.10.10.10:7068 [2001:db8:1::a0a:a0a]:7068
100.64.0.1:7068 [2001:DB8:100::1]:7068
Total number of translations: 2 NAT64 Router shows the configured stateful prefix:
nat64#show nat64 prefix stateful global
Global Stateful Prefix: is valid, 2001:DB8:1::/96
As I stated initially, my goal is to use the well known prefix. If I try to configure the well known prefix, I am explicitly disallowed.
nat64#conf t
Enter configuration commands, one per line. End with CNTL/Z.
nat64(config)#no nat64 prefix stateful 2001:DB8:1::/96
nat64(config)#nat64 prefix stateful 64:FF9B::/96
%NAT64: Cannot use the well-known prefix 64:FF9B::/96 for a stateful prefix
nat64(config)# end
According to the documentation if I do not configure a stateful prefix, the WKP should be used. So I should be able to omit the `nat64 prefix stateful` config line and have it work?
The Well Known Prefix 64:FF9B::/96 is supported for Stateful NAT64. During a stateful translation, if no stateful prefix is configured (either on the interface or globally), the WKP prefix is used to translate the IPv4 host addresses.
However, without a prefix configured, it appears the configuration is not valid.
nat01.fmt2#show nat64 prefix stateful global
Global Stateful Prefix: is not valid
And to no surprise, it does not work
Router#ping 64:FF9B::a0a:0a0a
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 64:FF9B::A0A:A0A, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
I'm either missing something obvious, or this does not work the way the documentation is written. Either way, I'm hoping someone can point me in the right direction!
This is done with a Cisco 4321 running 15.5(3)S6.
