NAT64 outbound ok, inbound ko. not in statistics

bourquid
Level 1

I'm doing a NAT64 translation on a Cisco router. The translation from IPv6 to IPv4 works, but the return isn't translated, nor is it in the NAT64 statistics.

config:

interface GigabitEthernet0/1
 nat64 enable
 ipv6 address 2001:2525:3164:1000::1/64


interface GigabitEthernet0/0/0
 ip address 194.10.83.2 255.255.255.248
 nat64 enable

nat64 v4 pool pool1 194.10.83.2 194.10.83.2
nat64 v6v4 list nat64ACL pool pool1 overload

ipv6 access-list nat64ACL
 permit ipv6 2001:2525:3164:1000::/56 any

Translation table:

RM_A0.1#sh nat64 translations
Proto   Original IPv4           Translated IPv4
        Translated IPv6         Original IPv6
--------------------------------------------------------
icmp    194.10.83.1:1           [64:FF9B::C20A:5301]:1
        194.10.83.2:1           [2001:2525:3164:1000:6188:82D:86F8:708E]:1

tcp     194.10.83.1:23          [64:FF9B::C20A:5301]:23
        194.10.83.2:60531       [2001:2525:3164:1000:6188:82D:86F8:708E]:60531

Total number of translations: 2

statistics:

Number of packets translated by stateless NAT64:
        Packets translated (IPv4 -> IPv6): 0
        Packets translated (IPv6 -> IPv4): 0

Number of packets translated by stateful NAT64:
        Packets translated (IPv4 -> IPv6): 0
        Packets translated (IPv6 -> IPv4): 75

Global Statistics
Prefix: 64:FF9B::/96
        Packets translated (IPv4 -> IPv6): 0
        Packets translated (IPv6 -> IPv4): 20
        Packets dropped: 0

[Image: Wireshark capture on the IPv4 network]

On the IPv4 network everything looks fine. Any idea?

Edit: that's the whole configuration of the router:

Current configuration : 2039 bytes
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RM_A0.1
!
boot-start-marker
boot-end-marker
!
enable password emf
!
no aaa new-model
memory-size iomem 15
!
ip cef
ipv6 unicast-routing
ipv6 dhcp pool myPool
 dns-server 2001:4860:4860::8888
 domain-name Baldi.local
!
ipv6 cef
multilink bundle-name authenticated
!
cts logging verbose
!
license udi pid CISCO1921/K9 sn FCZ1918C2N2
!
vtp domain emf
vtp mode transparent
vtp version 2
!
redundancy
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 ipv6 address FE80::1:1:0 link-local
 ipv6 address 2001:2525:3164:100F::/127
 ipv6 ospf 99 area 0
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 nat64 enable
 ipv6 address FE80::1:1:1 link-local
 ipv6 address 2001:2525:3164:1000::1/64
 ipv6 nd other-config-flag
 ipv6 dhcp server myPool
 ipv6 ospf 99 area 0
!
interface GigabitEthernet0/0/0
 ip address 194.10.83.2 255.255.255.248
 duplex auto
 speed auto
 nat64 enable
!
interface Serial0/1/0
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/1/1
 no ip address
 shutdown
 clock rate 2000000
!
router ospfv3 99
 router-id 0.0.0.1
 !
 address-family ipv6 unicast
 exit-address-family
!
router rip
 version 2
 network 194.10.83.0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
nat64 v4 pool pool1 194.10.83.2 194.10.83.2
nat64 v6v4 list nat64ACL pool pool1 overload
!
ipv6 access-list nat64ACL
 permit ipv6 2001:2525:3164:1000::/56 any
!
control-plane
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 password emf
 login
 transport input none
!
scheduler allocate 20000 1000
ntp server 2001:2525:3164:1F::
!
end
1 Reply

bourquid
Level 1

Okay, I found the solution: the v4 pool can't be in the same subnet as the interface. With an IP in another subnet, everything works fine.
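
A check for the condition described in the reply above, as an added example that is not part of the original thread: it scans an IOS-style configuration for nat64 v4 pool ranges that fall inside the IPv4 subnet of any interface. The function name find_pool_overlaps is hypothetical, and the sample input is constructed from the NAT64-relevant lines of the posted configuration.

```python
import ipaddress
import re

# Constructed sample: the NAT64-relevant lines from the configuration in the post.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 nat64 enable
 ipv6 address 2001:2525:3164:1000::1/64
!
interface GigabitEthernet0/0/0
 ip address 194.10.83.2 255.255.255.248
 nat64 enable
!
nat64 v4 pool pool1 194.10.83.2 194.10.83.2
nat64 v6v4 list nat64ACL pool pool1 overload
"""

IFACE_RE = re.compile(r"^interface\s+(\S+)")
ADDR_RE = re.compile(r"^\s+ip address\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)")
POOL_RE = re.compile(r"^nat64 v4 pool\s+(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)")


def find_pool_overlaps(config: str):
    """Return (pool, interface, subnet) for each pool range touching an interface subnet."""
    subnets, pools, current = [], [], None
    for line in config.splitlines():
        if m := IFACE_RE.match(line):
            current = m.group(1)
        elif (m := ADDR_RE.match(line)) and current:
            # ip_interface accepts "address/netmask" and yields the enclosing network.
            net = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
            subnets.append((current, net))
        elif m := POOL_RE.match(line):
            start, end = (ipaddress.IPv4Address(m.group(i)) for i in (2, 3))
            pools.append((m.group(1), start, end))
    findings = []
    for name, start, end in pools:
        for iface, net in subnets:
            # Two closed ranges intersect when each starts before the other ends.
            if start <= net.broadcast_address and end >= net.network_address:
                findings.append((name, iface, str(net)))
    return findings


if __name__ == "__main__":
    for pool, iface, net in find_pool_overlaps(SAMPLE_CONFIG):
        print(f"nat64 v4 pool {pool} overlaps {net} on {iface}")
```

Run against the posted configuration, it reports pool1 as overlapping 194.10.83.0/29 on GigabitEthernet0/0/0; a pool in a different subnet produces no finding.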