Stateful NAT64 is a Network Address Translation mechanism for translating IPv6 addresses to IPv4 addresses, and IPv4 addresses to IPv6 addresses. Like NAT44, it is called stateful because it creates or modifies bindings or session state while performing translation. It supports both IPv6-initiated and IPv4-initiated communications using static or manual mappings. In this document, stateful NAT64 uses static IPv6 to IPv4 mapping for address translations.
Understanding of IPv6 Addressing Scheme
In this configuration example, routers R1,R2 and R3 are connected via fast Ethernet interface.Loopback addresses are configured to generate networks.
The router R1 is IPv6only router which runs RIPv6 with the ASR (Router R2).Similarly the router R3 is IPv4 only router that uses OSPF to communicate with the ASR. The network address translations happen in ASR router using static IPv6 to IPv6 mappings.
Note: All configurations are tested in a lab environment on Cisco 2800 Routers operating on Cisco IOS 15.2 and ASR operating on Cisco IOS-XE 15.1(3)S4version.
NAT64 Interface Configuration
ipv6 address <Specify an IPv6 address>
NAT64 Mapping Configuration
nat64 prefix stateful <prefix>
Note: The above command enables the router to translate the source IP address to IPv6 by using the Stateful NAT64 prefix
4. nat64 v6v4 <static><ipv6-address ipv4-address>
IPv6 Only Router
IPv4 Only Router
IPv6 Only_Router R1#show run Building configuration...
! version 15.2 ! hostname IPv6 Only_Router R1 ! ! ip cef ipv6 unicast-routing ipv6 cef ! ! interface Loopback0 no ip address ipv6 address AB00::1/128 ipv6 rip RIP enable ! interface Loopback1 no ip address ipv6 address AB01::1/128 ipv6 rip RIP enable ! interface FastEthernet0/0 duplex auto speed auto ipv6 address 2001::A00:A/128 ipv6 rip RIP enable ! ! ipv6 router rip RIP ! ! end
ASR Router R2#show run Building configuration...
! version 15.1 ! hostname ASR Router R2 ! ! ipv6 unicast-routing ! ! interface Loopback0 no ip address ipv6 address BB10::1/128 ! interface Loopback1 ip address 188.8.131.52 255.255.255.255 ! ! interface FastEthernet0/2/6 ip address 10.0.0.2 255.255.255.0 negotiation auto nat64 enable ! interface FastEthernet0/2/7 no ip address negotiation auto ipv6 address 2001::A00:B/128 ipv6 rip RIP enable ipv6 rip RIP default-information only nat64 enable ! ! router ospf 1 network 184.108.40.206 0.0.0.0 area 1 network 10.0.0.0 0.0.0.255 area 0 ! ! ipv6 router rip RIP ! ! ! nat64 prefix stateful 3001::/96 nat64 v6v4 static 2001::A00:A 10.0.0.10 ! end
IPv4 Only_router R3#show run Building configuration...
! version 15.2 ! hostname IPv4 Only_router R3 ! ip cef ipv6 unicast-routing ipv6 cef multilink bundle-name authenticated ! ! ! interface Loopback0 ip address 220.127.116.11 255.255.255.255 ! interface Loopback1 ip address 18.104.22.168 255.255.255.255 ! interface FastEthernet0/0 ip address 10.0.0.1 255.255.255.0 duplex auto speed auto ! ! router ospf 1 network 22.214.171.124 0.0.0.0 area 1 network 126.96.36.199 0.0.0.0 area 0 network 10.0.0.0 0.0.0.255 area 0 ! ! end
Verifying Connectivity Using Ping Command
To verify whether the router R3 (IPv4 only network) is able to reach the router R1(IPv6 only network), use the ping command and verify the translations that happen by debug ipv6 icmp.
In router R3
Try ping router R1(IPv6 only network)which is represented by the IPv4 address 10.0.0.10. Enable debug ip icmp on router R3 and in router R1(IPv6 only network) enable debug ipv6 icmp
R3#debug ip icmp
ICMP packet debugging is on
R1#debug ipv6 icmp
ICMP Packet debugging is on
R3#ping 10.0.0.10 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.0.0.10, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
R1# *Sep 8 10:48:51.499: ICMPv6: Received echo request, src=3001::A00:1, Dst=2001::A00:A *Sep 8 10:48:51.499: ICMPv6: Sent echo reply, src=2001::A00:A, Dst=3001::A00:1 *Sep 8 10:48:51.503: ICMPv6: Received echo request, src=3001::A00:1, Dst=2001::A00:A *Sep 8 10:48:51.503: ICMPv6: Sent echo reply, src=2001::A00:A, Dst=3001::A00:1 *Sep 8 10:48:51.507: ICMPv6: Received echo request, src=3001::A00:1, Dst=2001::A00:A *Sep 8 10:48:51.507: ICMPv6: Sent echo reply, src=2001::A00:A, Dst=3001::A00:1 *Sep 8 10:48:51.511: ICMPv6: Received echo request, src=3001::A00:1, Dst=2001::A00:A *Sep 8 10:48:51.511: ICMPv6: Sent echo reply, src=2001::A00:A, Dst=3001::A00:1 *Sep 8 10:48:51.511: ICMPv6: Received echo request, src=3001::A00:1, Dst=2001::A00:A *Sep 8 10:48:51.515: ICMPv6: Sent echo reply, src=2001::A00:A, Dst=3001::A00:1
From the above debug output, you can see that the router R3(IPv4 only Router) is able to reach the router R1(IPv6 only router) using the static IPv4 address that we have assigned i.e.using 10.0.0.10
Similarly the router R1(IPv6 only router) debug output shows that the ICMP request is received from 3001::A00:1 which is nothing but the IPv4 address 10.0.0.1 when converted to hexadecimal becomes A00:1 and is added to the prefix 3001::/.In other words the IPv4 address 10.0.0.1 is translated to 3001::A00:1 when reaching the IPv6 enabled network.
The following show commands can be used to see NAT64 translations that happen in ASR router
Show nat64 mappings static
To display the information about the Network Address Translation 64 (NAT64) static mappings, use this command.
ASR Router R2#show nat64 mappings static
Static mappings configured: 1
Direction Protocol Address (Port, if any) Non-key Address (Port, if any)
v6v4 --- 2001::A00:A 10.0.0.10
Show nat64 adjacency ipv6
This command displays the information about the Network Address Translation 64 (NAT64) managed adjacencies.
Using this command, you can check the information about Network Address Translation 64 (NAT64) stateful prefixes. Global prefixes, nat64 configured intrerfaces and prefix static-routes will be displayed.
ASR Router R2#show nat64 prefix stateful global (Displays the global prefixes)
Global Stateful Prefix: is valid, 3001::/96
IFs Using Global Prefix
ASR Router R2#show nat64 prefix stateful static-routes (Displays the static-routes) Stateful Prefixes
NAT64 Prefix Static Route Ref-Count
ASR Router R2#show nat64 prefix stateful interfaces (Displays the nat64 enabled interfaces) Stateful Prefixes
Hi. I am using RV345 router.Whenever I click the apply button to save my firewall rules or something else, this router makes sessions like SSH disconnected.So, my services are disconnected.How can I solve this?
Hey folk, need expert advise, Actually my concer is ( user are sucessfully able to reach internet but DNS packet not capture on wireshark when i see what was the possible reasons why DNS packet to recieved infact user are sucessfully ping to dns ip a...
Hi,I need to install prime inf. v3.3 on cisco ucs c220M5 (UCSC -C220-M5SX) directly without any vmware licenses.When I did it, the server show me the follow mistake: Error parsing kickstart config: new lv is too large to fit in free space, smosvg.Someone ...
Hi, doing a school project with Cisco Packet Tracer. For some odd reason, I am unable to ping my PT servers despite having implemented OSPF in my 3 routers. Only HQ and Branch can ping the HQ & Branch Servers and Internet User and ISP can ping Web Ser...
Now, I'm a sysadmin. I believe in DevOps, love to automate. I've been relying on Cisco for almost two decades for what I've seen as simple networking - and in the last 10 years that just probably means "predictable", or something I'm used to. It works. I'...