05-24-2019 11:35 AM
Has anybody configures dynamic/hide IPv4 to IPv6?
I have a requirement for IPv4 only hosts to connect to IPv6 Internet sites, I originally tried to lab NAT-PT with DNS ALG.
<IPv4 only host> --- <Cisco Router with NAT-PT> ---- IPv6 Internet
IPv4 NAT works fine
IPv6 from the router works fine
From an IPv4 Linux host, the IPv4 NAT isn't working.
Lab config:
Inside interface:
interface GigabitEthernet0/1
ip address 10.0.0.5 255.255.255.252
ip nat inside
ip nat enable
ip virtual-reassembly in
duplex full
speed auto
media-type rj45
ipv6 nat
!
Outside Interface:
interface GigabitEthernet0/2
ip address dhcp
ip nat outside
ip nat enable
ip virtual-reassembly in
duplex full
speed auto
media-type rj45
ipv6 address <IPv6 address>/64
ipv6 enable
ipv6 nat
!
ipv6 route ::/0 <IPv6 G/W>
ipv6 nat v4v6 source list 75 pool v6pool
ipv6 nat v4v6 pool v6pool <IPv6 start address> <IPv6 end address> prefix-length 64
ipv6 nat v6v4 source<IPv6 address> <External IPv4 address>
ipv6 nat prefix<IPv6 address>/96
This is a stop gap for an immediate requirement until we can get a proper Dual-Stack design and implementation in place.
Any advice would be greatly appreciated.
Solved! Go to Solution.
05-28-2019 01:10 PM
Understood. Just warning you about how bad NAT-PT is.
Anyhow, you need to configure a V4 pool and a dynamic v6v4 translation for the NAT-PT to modify the DNS response going back to the V4 station.
ipv6 nat v6v4 source list <access-list> pool v4pool
ipv6 nat v6v4 pool v4pool ≤begin address≥ ≤end address≥ prefix-length <prfix-length>
Additionally, do not forget to disable ip cef and ipv6 cef, as NAT-PT does not even work in CEF.
Regards,
05-24-2019 01:56 PM
Given that NAT-PT has been deprecated by the IETF (RFC4966) and that there is very little IPv6 only sites, what is the requirements to run NAT-PT. Given the performance and all the isuuses of NAT-PT, I would strongly recommend against it.
Regards,
05-28-2019 05:45 AM
Harold,
Fully agree with you, it's for an unusual telco regulatory requirement in the middle east, and to be fair more of a 'tick in the box exercise'.
I was only looking at this as a very tactical option to provide more time to plan out a dual-stack deployment, however, everything is pointing to scrapping this and going dual-stack day 1.
I then became curious as to why the config wasn't working, more for my own curiosity but guess some things aren't worth spending too much time on.
Many thanks and all the best,
Andy
05-28-2019 01:10 PM
Understood. Just warning you about how bad NAT-PT is.
Anyhow, you need to configure a V4 pool and a dynamic v6v4 translation for the NAT-PT to modify the DNS response going back to the V4 station.
ipv6 nat v6v4 source list <access-list> pool v4pool
ipv6 nat v6v4 pool v4pool ≤begin address≥ ≤end address≥ prefix-length <prfix-length>
Additionally, do not forget to disable ip cef and ipv6 cef, as NAT-PT does not even work in CEF.
Regards,
05-29-2019 06:12 AM
Harold,
Many thanks again, it's safe to say we won't be using NAT-PT.
Really appreciate the input.
Many thanks,
Andy
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide