06-07-2017 06:14 AM - edited 03-01-2019 05:53 PM
I'm doing a NAT64 translation on cisco routeur. The translation from IPv6 to IPv4 work but the return isn't translated neighter int the NAT64 statistics.
config:
interface GigabitEthernet0/1
nat64 enable
ipv6 address 2001:2525:3164:1000::1/64
interface GigabitEthernet0/0/0
ip address 194.10.83.2 255.255.255.248
nat64 enable
nat64 v4 pool pool1 194.10.83.2 194.10.83.2
nat64 v6v4 list nat64ACL pool pool1 overload
ipv6 access-list nat64ACL
permit ipv6 2001:2525:3164:1000::/56 any
Translation table:
RM_A0.1#sh nat64 translations
Proto Original IPv4 Translated IPv4
Translated IPv6 Original IPv6
--------------------------------------------------------
icmp 194.10.83.1:1 [64:FF9B::C20A:5301]:1
194.10.83.2:1 [2001:2525:3164:1000:6188:82D:86F8:708E]:1
tcp 194.10.83.1:23 [64:FF9B::C20A:5301]:23
194.10.83.2:60531 [2001:2525:3164:1000:6188:82D:86F8:708E]:60531
Total number of translations: 2
statistics:
Number of packets translated by stateless NAT64:
Packets translated (IPv4 -> IPv6): 0
Packets translated (IPv6 -> IPv4): 0
Number of packets translated by stateful NAT64:
Packets translated (IPv4 -> IPv6): 0
Packets translated (IPv6 -> IPv4): 75
Global Statistics
Prefix: 64:FF9B::/96
Packets translated (IPv4 -> IPv6): 0
Packets translated (IPv6 -> IPv4): 20
Packets dropped: 0
Wireshark capture on ipv4 network:
on the IPv4 network everything looks fine. Any idea?
edit: that's the whole configuration of the router:
Current configuration : 2039 bytes
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RM_A0.1
!
boot-start-marker
boot-end-marker
!
enable password emf
!
no aaa new-model
memory-size iomem 15
!
ip cef
ipv6 unicast-routing
ipv6 dhcp pool myPool
dns-server 2001:4860:4860::8888
domain-name Baldi.local
!
ipv6 cef
multilink bundle-name authenticated
!
cts logging verbose
!
license udi pid CISCO1921/K9 sn FCZ1918C2N2
!
vtp domain emf
vtp mode transparent
vtp version 2
!
redundancy
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
ipv6 address FE80::1:1:0 link-local
ipv6 address 2001:2525:3164:100F::/127
ipv6 ospf 99 area 0
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
nat64 enable
ipv6 address FE80::1:1:1 link-local
ipv6 address 2001:2525:3164:1000::1/64
ipv6 nd other-config-flag
ipv6 dhcp server myPool
ipv6 ospf 99 area 0
!
interface GigabitEthernet0/0/0
ip address 194.10.83.2 255.255.255.248
duplex auto
speed auto
nat64 enable
!
interface Serial0/1/0
no ip address
shutdown
clock rate 2000000
!
interface Serial0/1/1
no ip address
shutdown
clock rate 2000000
!
router ospfv3 99
router-id 0.0.0.1
!
address-family ipv6 unicast
exit-address-family
!
router rip
version 2
network 194.10.83.0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
nat64 v4 pool pool1 194.10.83.2 194.10.83.2
nat64 v6v4 list nat64ACL pool pool1 overload
!
ipv6 access-list nat64ACL
permit ipv6 2001:2525:3164:1000::/56 any
!
control-plane
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password emf
login
transport input none
!
scheduler allocate 20000 1000
ntp server 2001:2525:3164:1F::
!
end
06-08-2017 03:28 AM
okey I found the solution: the v4 pool can't be in the same subnet as the interface is. with an IP in another subnet everything works fine.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide