Multiple IPv6 to connect to single IPv4 server NAT-PT

harris-sprint · ‎07-26-2011

Hi Expert,

I've a requirement to implement NAT-PT for 3 IPv6 customer they will be connecting to our one server IP within IPv4 network. I have no chose to choose

NAT64 instead of NAT-PT as we know NAT-PT is historic per RFC4966. So. I checked the link below with V4/v6 topology with multiple mNAT-PT devices

http://tools.ietf.org/html/draft-park-scalable-multi-natpt-00#section-5 as an option. However for my design is not, we are looking to do the NAT-PT in our router that connected those IPv6 sites into one IPv4 server. I tried to lab this up and I had issue with Ipv6 nat prefix /96 as each customer will be assigned diffrent /96 prefix and I can assign them on the interface Egres to the customer , however there will be issue assigning those prefix /96 to the insite fa0/0 which connet to the IPv4 server. So I'm looking to see if some one have any other option or if some one know good link to the NAT-PT using PAT I belive could solve this issue.

R1(IPv6) & R2(IPv6) & R3(IPv6) connect to R4(IPv6+IPv4) where the server is behind R4.

Any help will be appricated.

Thanks

harris-sprint · ‎07-27-2011

Weak up guys, no replies yet. Anyhow I got it to work with NAT-PT using PAT. I assigned multiple 2001 & 2003 v6 addresses in 2 diffrent routers ( 2001:A:B:F::1 & 2003:DB8:BBBB:1::9) accordingly and on the NAT-PT router configured the following:

router 3:

**********

ipv6 nat translation timeout never

ipv6 nat v4v6 source 192.168.40.200 2001::C0A8:28C8

ipv6 nat v6v4 source list list_to-ipv4 interface FastEthernet0/0 overload

ipv6 nat prefix 2001::/96

ipv6 access-list list_to-ipv4

permit ipv6 2001:A:B:C::/64 any

permit ipv6 2001:A:B:D::/64 any

permit ipv6 2001:A:B:F::/64 any

permit ipv6 2001:DB8:BBBB:1::/64 any

permit ipv6 2003:DB8:BBBB:1::/64 any

Then Ipv6 nat on the interfaces and I can ping from the remote v6 network to the server IP however can not ping from IPv4 to IPv6 back, this is where I need to work on, if any one know the answer please reply I may be missing something.. Thanks

Thanks to the cciethebeginning web site.

harris-sprint · ‎07-27-2011

Hi All,

Now I got it to work both way, PAT (port Address Translation) is many to one mapping, that is way I can ping from IPv6

network to only one IPv4 address and I can see the ports # assigned by the NAT-PT router. Now As I said I had issues with outbound traffic as for my design I need my IPv4 server also to not just reply to the ping I needed to intiate outbound connection to IPv6 if needed. So I created static entry in the NAT-PT for each outbound traffic.

Please let me know if someone having the same issue and need more info.

Thanks

Maz Mohamed

Phillip Remaker · ‎07-28-2011

Look at the example at https://learningnetwork.cisco.com/message/76266 complete with video.

In your case

ipv6 nat v4v6 source 192.168.40.200 2001::C0A8:28C8

Will take packets from 192.168.40.200 and rewrite them with a source of 2001::C0A8:28C8

However, there also needs to be a phantom IPv4 destination address representing the distant IPv6 host so that the IPv4 address has a destination address it recognizes. ipv6 nat v6v4 source serves that purpose.

Similarly, packets destined to 2001::C0A8:28C8 will be forwarded to 192.168.40.200, but there needs to be a phantom IPv4 address So that the IPv6 source address will be changed into an IPv4 address that 192.168.40.200 can recognize. ipv6 nat v4v6 source serves that purpose.

Without knowing the "real" and "phantom" IPv4 and IPv6 addresses in this example, it is hard to say much more.