My objective is to perfect my knowledge (basic to intermediate at this point) of IPv6 by creating a 100% IPv6 LAN.
That's the Windows component - and I have a decent grasp on that.
But here's the hitch...
My ISP does not yet offer IPv6. Moreover, my test lab is at "home" so I probably could not obtain an IPv6 addr for a residential account anyway.
I have a ASA 5505 running 9.1 (just updated this week).
I want to create some sort of IPv6 to IPv4 NAT or PAT so my IPv6 LAN can communicate with the Internet.
Sure! I could just leave IPv4 on and I'd be set. But remember, I want to see if I can make everything (Active Directory, DNS, DHCP) work in an IPv6 only network.
Is there any guide or perhaps a blog on how this can be achieved? Could someone explain in a nutshell?
I've glanced at this...
But I'm not 100% sure which case applies to mine.
Some other details:
- I'll be using ULA (Unique Local Addresses) since my ISP cannot assign me a Global Unicast addr.
- My external IP would be dynamically assigned by my ISP.
- I managed to configure IPv4 NAT - so I know THAT does work.
You'll need to create a ipv6ip tunnel; the best place being between your ASA and router. This can either be server or an inexpensive Cisco 1841 (for example) peering with a tunnel broker such as Hurricane Electric.
Run OSPF between the router and you ASA. If using a linux server to for your tunnel, then you'll need to configure something like quagga to run the OSPF process.
This will give you a IPv6 lab environment.
If some of your kit then needs to connect to IPv4 external hosts then you will need to configure NAT64. If you chose the linux server option above, using tayga seems to be the popular option currently.
I wrote a blog post about the first step on my blog (shameless plug! ):
Thank you so much for your responses and please excuse my late response to them.
I looked at your blog. I think my scenario is a little different and you touched on that in the second part of your response above.
I *only* need to connect to external IPv4 hosts. I do not need to tunnel to another IPv6 site.
The IPv6 to IPv4 is the only objective I am pursuing at this point.
I do not believe I have an appropriate host machine for the csr1000v. Looks like the hardware requirements are high and you have to have VMware ESXi 5.x. I only have VMware Workstation (ver 9).
Is there any way to configure NAT64 on a single ASA 5505?
I hate I do not have an ASA to play with this but I will do my best to do it just with a piece of paper (I know pretty lame)
IPV6 Inside network 2001:AAAA:1111:BBBB::/120
IPv4 Outside Network for the NAT 18.104.22.168/24
We want our Inside IPv6 network to be able to talk with the outside IPv4 world
For that we will need to use NAT64 but at the same time NAT the Entire IPv4 address space into an IPv6 range
IPv6 range to match the entire IPv6 range :2001:17::/96
Outside Pool for the NAT (22.214.171.124/24)
Then create the NAT
object network IPv6_Subnet_Internal
object network IPv4_NAT
subnet 126.96.36.199 255.255.255.0
Object network Fake_IPv6
nat (inside,outside) source static IPv6_Subnet_Internal IPv4_NAT destination static Fake_IPv6 any
That should do it!
Rate all of the helpful posts!!!
Follow me on http://laguiadelnetworking.com
You do not want NAT for the job. You want a tunnelbroker, who will provide a tunnel to a pure IPv6 network.
You can get free accesss to the IPv6 internet using one of three popular Tunnel Brokers:
You can get a /48 prefix or /56 from them and use global addresses.
If you want to keep using ULA, you can employ NPTv6 (aka NAT66).
And take some time and demand that your ISP offer IPv6!