05-26-2020 09:35 PM
I cannot seem to get a basic NAT64 configuration working on a Cisco 4321. The config has been reset; and only the following changes:
ipv6 unicast-routing
!
interface Loopback0
ip address 8.8.8.8 255.255.255.255
!
interface GigabitEthernet0/0/0
description IPv6
ipv6 address AB:CD:EF:CAFE::1/64
ipv6 enable
nat64 enable
!
interface GigabitEthernet0/0/1
description IPv4
ip address X.Y.Z.128 255.255.255.254
nat64 enable
!
ipv6 access-list ENABLED_NAT64
permit ipv6 any any
!
nat64 prefix stateful AB:CD:EF:64::/96
nat64 v4 pool POOL X.Y.Z.130 X.Y.Z.191
nat64 v6v4 list ENABLED_NAT64 pool POOL
!
Based on the documentation the above should be all that's needed. So we do a simple ping test to validate NAT64 translations:
Router#ping AB:CD:EF:64::8.8.8.8 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to AB:CD:EF:64::808:808, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) Router#
No observed translations. We conclude that the NAT64 process either did not [1] see the packets or [2] translate them.
Router#show nat64 translations Proto Original IPv4 Translated IPv4 Translated IPv6 Original IPv6 ---------------------------------------------------------------------------- Total number of translations: 0 Router#
The NAT64 prefix is setup..
Router#show nat64 prefix stateful global Global Stateful Prefix: is valid, AA:BB:CC:64::/96 IFs Using Global Prefix Gi0/0/0 Gi0/0/1 Router#
The next hop is the NAT Virtual Interface. So this appears to be a NAT64 issue, not a routing issue.
Router#show ipv6 cef AA:BB:CC:64::8.8.8.8 AA:BB:CC:64::/96 nexthop ::100.0.0.1 NVI0 Router#
Not sure what's going on. Turned on some debugging to get a pointer in the right direction.
Router#debug ip icmp ICMP packet debugging is on Router#debug ipv6 icmp ICMPv6 Packet debugging is on Router#debug nat64 all NAT64 debugging is on Router# Router#ping AA:BB:CC:64::8.8.8.8 repeat 2 Type escape sequence to abort. Sending 2, 100-byte ICMP Echos to AA:BB:CC:64::808:808, timeout is 2 seconds: *May 27 04:17:35.873: ICMPv6: Sent echo request, src=AA:BB:CC:CAFE::1, Dst=AA:BB:CC:64::808:808. *May 27 04:17:37.872: ICMPv6: Sent echo request, src=AA:BB:CC:CAFE::1, Dst=AA:BB:CC:64::808:808. Success rate is 0 percent (0/2) Router#
I'm at a loss. The router appears to be routing packets to the NVI, however, it's like the NVI does not see them (or at very least never attempts to translate).
Also, I had NAT64 working a while back during testing. I'm revisiting it now and I can't seem to get to that same point. Something simple must be missing, but I can't identify it.
This is done with a Cisco 4321 running 15.5(3)S6.
Solved! Go to Solution.
05-27-2020 08:03 AM - edited 05-27-2020 08:09 AM
Your configuration looks good. The issue is that the ping won't work if you are pinging from the router itself. For NAT to work the traffic needs to ingress the nat64 interfaces. You could attach a device to the Gi0/0/0 and ping from it.
Regards,
05-27-2020 08:03 AM - edited 05-27-2020 08:09 AM
Your configuration looks good. The issue is that the ping won't work if you are pinging from the router itself. For NAT to work the traffic needs to ingress the nat64 interfaces. You could attach a device to the Gi0/0/0 and ping from it.
Regards,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide