Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2308
Views
5
Helpful
8
Replies

Give access to IPv4 Internet Clients to my IPv6 network sites.

Go to solution
JulioGarcia
Level 1
Level 1

‎02-03-2022 01:09 PM

Greetings I have configure my Cisco to work in dual stack mode. I have a public IPv6 address, but my IPv4 addresss is behind CG-NAT. My web and mail server could be access from the Internet using IPv6 address. The main device is my Cisco 887VAG2 ISR (with IOS 15.9.3 installed). Individuals who want to access our web page from an IPv4 only network cannot access it, either the ones who wants to use our mail servcies. This is new. My ISP have change our IPv4 public address to a CG-NATed one since two months ago. But the IPv6 address that they provided is public. Have recovered some of the clients but they have dual or ipv6 add. only. I need to recover the connectivity for those that are from IPv4 only networks. What configurations i need to do on my Cisco to connect the IPv4 Internet clients to my IPv6  sites? Thanks in advance.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Georg Pauwen
VIP
VIP
In response to JulioGarcia

‎06-10-2022 01:10 AM

Hola,

 

the config looks good. When you turn on debugging (debug nat64 all) and your external client hits 192.168.7.1, does anything happen at all ?

 

I wonder if it works with the 'old' ipv6 nat:

 

ipv6 nat v6v4 source ipv6_address 192.168.7.1

 

That of course would involve reconfiguring the entire router back to ipv6 nat...

View solution in original post

0 Helpful
8 Replies 8

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎02-03-2022 04:46 PM

Can you post the configuration (removing password information)

 

if the external people need to contact local ipv4 address, then you need NAt ipv6 to ipv4, also your DNS pointing to new ipv6 address?

is this IPv6 address fxed ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
JulioGarcia
Level 1
Level 1
In response to balaji.bandi

‎02-04-2022 08:50 AM

Greetings Mr. Balaji! Here's my configuration. 

 

Building configuration...


Current configuration : 38721 bytes
!
! Last configuration change at 03:56:17 UTC Fri Feb 4 2022 by Username
!
version 15.9
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AEI887ISR
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-979907842
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-979907842
revocation-check none
rsakeypair TP-self-signed-979907842
!
!
crypto pki certificate chain TP-self-signed-979907842
certificate self-signed 01
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!


!
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.85.55
!
ip dhcp pool ccp-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
lease 0 2
!
ip dhcp pool INTRANETv4
import all
network 10.10.85.0 255.255.255.128
default-router 10.10.85.55
dns-server 1.1.1.1 1.0.0.1 10.10.85.3
lease 0 2
!
ip dhcp pool Tenda_263130
host 10.10.85.1 255.255.255.128
client-identifier XXXX.XXXX.XXXX.XXXX
default-router 10.10.85.55
!
ip dhcp pool Tenda_49C048
host 10.10.85.2 255.255.255.128
client-identifier XXXX.XXXX.XXXX.XXXX
default-router 10.10.85.55
!
ip dhcp pool SERVER000
host 10.10.85.3 255.255.255.128
client-identifier XXXX.XXXX.XXXX.XXXX.
default-router 10.10.85.55
!
ip dhcp pool ProjectorPC
host 10.10.85.4 255.255.255.128
client-identifier XXXX.XXXX.XXXX.XXXX
default-router 10.10.85.55
!
ip dhcp pool Workstation
host 10.10.85.5 255.255.255.128
client-identifier XXXX.XXXX.XXXX.XXXX
default-router 10.10.85.55
!
ip dhcp pool Workstation2
host 10.10.85.6 255.255.255.128
client-identifier XXXX.XXXX.XXXX.XXXX
default-router 10.10.85.55
!
ip dhcp pool Workstation3
host 10.10.85.7 255.255.255.128
client-identifier XXXX.XXXX.XXXX.XXXX
default-router 10.10.85.55
!
!
!
no ip domain lookup
ip name-server 10.10.85.3
ip name-server 2606:4700:4700::1111
ip name-server 2606:4700:4700::1001
ip dhcp-server 10.10.85.55
ip cef
ipv6 unicast-routing
ipv6 cef
ipv6 dhcp pool INTRANETv6
dns-server 2606:4700:4700::1111
dns-server 2606:4700:4700::1001
import information refresh
!
!
multilink bundle-name authenticated
chat-script cdma "" "atdt#777" TIMEOUT 60 "CONNECT"
license udi pid C887VAG-S-K9 sn FTX17318514
!
!
object-group network local_lan_subnets
10.10.85.0 255.255.255.128
10.10.10.0 255.255.255.248
!
username Username privilege 15 secret 9
!
!
!
!
!
controller VDSL 0
operating mode adsl2+ annex A
sync mode itu
!
controller Cellular 0
no cdp run
!
!
interface Ethernet0
no ip address
shutdown
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no atm ilmi-keepalive
no ipv6 redirects
no ipv6 unreachables
!
interface ATM0.1 point-to-point
description DSL_Connection
no ip redirects
no ip unreachables
no ip proxy-arp
no ipv6 redirects
no ipv6 unreachables
pvc 8/81
tx-ring-limit 2
encapsulation aal5snap
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
switchport mode access
no ip address
duplex full
speed 100
spanning-tree portfast
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Cellular0
no ip address
encapsulation ppp
shutdown
dialer in-band
dialer string cdma
!
interface Vlan1
description Main_LAN
ip address 10.10.10.1 255.255.255.248 secondary
ip address 10.10.85.55 255.255.255.128
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
ipv6 address INFINITUM-PD ::1/64
ipv6 enable
ipv6 nd other-config-flag
ipv6 nd ra dns server 2606:4700:4700::1111
ipv6 nd ra dns server 2606:4700:4700::1001
ipv6 tcp adjust-mss 1432
ipv6 traffic-filter INTERNET-OUT out
ipv6 virtual-reassembly in
!
interface Dialer1
description INFINITUM_WAN
mtu 1492
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly in
ip virtual-reassembly out
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
no cdp enable
ipv6 address autoconfig default
ipv6 enable
ipv6 mtu 1472
no ipv6 redirects
no ipv6 unreachables
ipv6 tcp adjust-mss 1432
ipv6 dhcp client pd hint ::/60
ipv6 dhcp client pd INFINITUM-PD rapid-commit
ipv6 traffic-filter INTERNET-IN in
ipv6 virtual-reassembly in
ipv6 virtual-reassembly out
ppp mtu adaptive
ppp authentication chap pap callin
ppp chap hostname myusername
ppp chap password 0 mypassword
ppp pap sent-username myusername password 0 mypassword
waas enable
!
ip default-gateway 10.10.85.55
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list nat-list interface Dialer1 overload
ip nat inside source static 10.10.85.3 interface Dialer1
ip nat inside source static tcp 10.10.85.3 21 interface Dialer1 21
ip nat inside source static tcp 10.10.85.3 25 interface Dialer1 25
ip nat inside source static tcp 10.10.85.3 53 interface Dialer1 53
ip nat inside source static tcp 10.10.85.3 80 interface Dialer1 80
ip nat inside source static tcp 10.10.85.3 110 interface Dialer1 110
ip nat inside source static tcp 10.10.85.3 143 interface Dialer1 143
ip nat inside source static tcp 10.10.85.3 443 interface Dialer1 443
ip nat inside source static tcp 10.10.85.3 465 interface Dialer1 465
ip nat inside source static tcp 10.10.85.3 587 interface Dialer1 587
ip nat inside source static tcp 10.10.85.3 990 interface Dialer1 990
ip nat inside source static tcp 10.10.85.3 995 interface Dialer1 995
ip nat inside source static tcp 10.10.85.3 3306 interface Dialer1 3306
ip nat inside source static tcp 10.10.85.3 65230 interface Dialer1 65230
ip nat inside source static tcp 10.10.85.3 65231 interface Dialer1 65231
ip nat inside source static tcp 10.10.85.3 65232 interface Dialer1 65232
ip nat inside source static tcp 10.10.85.3 65233 interface Dialer1 65233
ip nat inside source static tcp 10.10.85.3 65234 interface Dialer1 65234
ip nat inside source static tcp 10.10.85.3 65235 interface Dialer1 65235
ip route 0.0.0.0 0.0.0.0 Dialer1 permanent
!
ip access-list extended nat-list
permit icmp any any
permit ip object-group local_lan_subnets any
permit tcp any any
permit udp any any
deny ip any any
!
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipv6 permit
ipv6 ioam timestamp
!
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 23 permit 10.10.85.0 0.0.0.10
!
ipv6 access-list INTERNET-IN
permit icmp any any
permit tcp any any
permit udp any any
!
ipv6 access-list INTERNET-OUT
permit icmp any any
permit tcp any any
permit udp any any
!
control-plane
!
!

 

Thanks in advance.

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to JulioGarcia

‎02-04-2022 09:56 AM

Hello,

 

add/change the lines marked in bold. Replace the IPv6 address with the real IPv6 address of the server:

 

Current configuration : 38721 bytes
!
! Last configuration change at 03:56:17 UTC Fri Feb 4 2022 by Username
!
version 15.9
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AEI887ISR
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-979907842
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-979907842
revocation-check none
rsakeypair TP-self-signed-979907842
!
crypto pki certificate chain TP-self-signed-979907842
certificate self-signed 01
!
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.85.55
!
ip dhcp pool ccp-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
lease 0 2
!
ip dhcp pool INTRANETv4
import all
network 10.10.85.0 255.255.255.128
default-router 10.10.85.55
dns-server 1.1.1.1 1.0.0.1 10.10.85.3
lease 0 2
!
ip dhcp pool Tenda_263130
host 10.10.85.1 255.255.255.128
client-identifier XXXX.XXXX.XXXX.XXXX
default-router 10.10.85.55
!
ip dhcp pool Tenda_49C048
host 10.10.85.2 255.255.255.128
client-identifier XXXX.XXXX.XXXX.XXXX
default-router 10.10.85.55
!
ip dhcp pool SERVER000
host 10.10.85.3 255.255.255.128
client-identifier XXXX.XXXX.XXXX.XXXX.
default-router 10.10.85.55
!
ip dhcp pool ProjectorPC
host 10.10.85.4 255.255.255.128
client-identifier XXXX.XXXX.XXXX.XXXX
default-router 10.10.85.55
!
ip dhcp pool Workstation
host 10.10.85.5 255.255.255.128
client-identifier XXXX.XXXX.XXXX.XXXX
default-router 10.10.85.55
!
ip dhcp pool Workstation2
host 10.10.85.6 255.255.255.128
client-identifier XXXX.XXXX.XXXX.XXXX
default-router 10.10.85.55
!
ip dhcp pool Workstation3
host 10.10.85.7 255.255.255.128
client-identifier XXXX.XXXX.XXXX.XXXX
default-router 10.10.85.55
!
no ip domain lookup
ip name-server 10.10.85.3
ip name-server 2606:4700:4700::1111
ip name-server 2606:4700:4700::1001
ip dhcp-server 10.10.85.55
ip cef
ipv6 unicast-routing
ipv6 cef
ipv6 dhcp pool INTRANETv6
dns-server 2606:4700:4700::1111
dns-server 2606:4700:4700::1001
import information refresh
!
multilink bundle-name authenticated
chat-script cdma "" "atdt#777" TIMEOUT 60 "CONNECT"
license udi pid C887VAG-S-K9 sn FTX17318514
!
!
object-group network local_lan_subnets
10.10.85.0 255.255.255.128
10.10.10.0 255.255.255.248
!
username Username privilege 15 secret 9
!
controller VDSL 0
operating mode adsl2+ annex A
sync mode itu
!
controller Cellular 0
no cdp run
!
interface Ethernet0
no ip address
shutdown
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no atm ilmi-keepalive
no ipv6 redirects
no ipv6 unreachables
!
interface ATM0.1 point-to-point
description DSL_Connection
no ip redirects
no ip unreachables
no ip proxy-arp
no ipv6 redirects
no ipv6 unreachables
pvc 8/81
tx-ring-limit 2
encapsulation aal5snap
pppoe-client dial-pool-number 1
!
interface FastEthernet0
switchport mode access
no ip address
duplex full
speed 100
spanning-tree portfast
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Cellular0
no ip address
encapsulation ppp
shutdown
dialer in-band
dialer string cdma
!
interface Vlan1
description Main_LAN
ip address 10.10.10.1 255.255.255.248 secondary
ip address 10.10.85.55 255.255.255.128
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
ipv6 address INFINITUM-PD ::1/64
ipv6 enable
ipv6 nd other-config-flag
ipv6 nd ra dns server 2606:4700:4700::1111
ipv6 nd ra dns server 2606:4700:4700::1001
ipv6 tcp adjust-mss 1432
ipv6 traffic-filter INTERNET-OUT out
ipv6 virtual-reassembly in
!
interface Dialer1
description INFINITUM_WAN
mtu 1492
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly in
ip virtual-reassembly out
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
no cdp enable
ipv6 address autoconfig default
ipv6 enable
ipv6 mtu 1472
no ipv6 redirects
no ipv6 unreachables
ipv6 tcp adjust-mss 1432
ipv6 dhcp client pd hint ::/60
ipv6 dhcp client pd INFINITUM-PD rapid-commit
ipv6 traffic-filter INTERNET-IN in
ipv6 virtual-reassembly in
ipv6 virtual-reassembly out
ppp mtu adaptive
ppp authentication chap pap callin
ppp chap hostname myusername
ppp chap password 0 mypassword
ppp pap sent-username myusername password 0 mypassword
waas enable
!
--> no ip default-gateway 10.10.85.55
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list nat-list interface Dialer1 overload
ip nat inside source static 10.10.85.3 interface Dialer1
ip nat inside source static tcp 10.10.85.3 21 interface Dialer1 21
ip nat inside source static tcp 10.10.85.3 25 interface Dialer1 25
ip nat inside source static tcp 10.10.85.3 53 interface Dialer1 53
ip nat inside source static tcp 10.10.85.3 80 interface Dialer1 80
ip nat inside source static tcp 10.10.85.3 110 interface Dialer1 110
ip nat inside source static tcp 10.10.85.3 143 interface Dialer1 143
ip nat inside source static tcp 10.10.85.3 443 interface Dialer1 443
ip nat inside source static tcp 10.10.85.3 465 interface Dialer1 465
ip nat inside source static tcp 10.10.85.3 587 interface Dialer1 587
ip nat inside source static tcp 10.10.85.3 990 interface Dialer1 990
ip nat inside source static tcp 10.10.85.3 995 interface Dialer1 995
ip nat inside source static tcp 10.10.85.3 3306 interface Dialer1 3306
ip nat inside source static tcp 10.10.85.3 65230 interface Dialer1 65230
ip nat inside source static tcp 10.10.85.3 65231 interface Dialer1 65231
ip nat inside source static tcp 10.10.85.3 65232 interface Dialer1 65232
ip nat inside source static tcp 10.10.85.3 65233 interface Dialer1 65233
ip nat inside source static tcp 10.10.85.3 65234 interface Dialer1 65234
ip nat inside source static tcp 10.10.85.3 65235 interface Dialer1 65235
--> ipv6 nat v4v6 10.10.85.3 2001:13:0:1::1
--> ipv6 nat v6v4 2001:13:0:1::1 10.10.85.3
ip route 0.0.0.0 0.0.0.0 Dialer1 permanent
!
ip access-list extended nat-list
permit icmp any any
permit ip object-group local_lan_subnets any
permit tcp any any
permit udp any any
deny ip any any
!
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipv6 permit
ipv6 ioam timestamp
!
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 23 permit 10.10.85.0 0.0.0.10
!
ipv6 access-list INTERNET-IN
permit icmp any any
permit tcp any any
permit udp any any
!
ipv6 access-list INTERNET-OUT
permit icmp any any
permit tcp any any
permit udp any any
!
control-plane

0 Helpful

Go to solution
JulioGarcia
Level 1
Level 1
In response to Georg Pauwen

‎02-04-2022 03:00 PM

I made the changes. But nothing happened yet. this is what sh ipv6 nat trans commnad throws:

AEI887ISR#sh ipv6 nat trans
Prot IPv4 source IPv6 source
IPv4 destination IPv6 destination
--- --- ---
10.10.85.3 2806:109F:1A:1977:55A0:6CF9:1655:3065

--- 10.10.85.3 2806:109F:1A:1977:55A0:6CF9:1655:3065
--- ---

 

Do i need to make another config?

 

0 Helpful

Go to solution
JulioGarcia
Level 1
Level 1

‎02-24-2022 11:47 AM

Greetings! Here, is a diagram of what i need to achieve.

IMG_20220215_123134.png

 I need to give access to the client ipv4 server. My ipv4 public address is CG-Natted, I only have ipv6 public prefix. Thanks in advanced.

Go to solution
JulioGarcia
Level 1
Level 1

‎06-03-2022 11:42 AM - edited ‎06-03-2022 11:51 AM

Greetings! I have achieved part of the translation. My internal ipv4 clients could access the website on the ipv6 server, but the external ipv4 client can not. My ipv4 address on the internet side is private, my ISP is using CGNAT.

 

Here my current config:

 

ip dhcp snooping vlan 1
ip dhcp snooping
ip name-server FE80::1A03:73FF:FEB0:9DAE
ip name-server 2806:109F:1A:F06D:1A03:73FF:FEB0:9DAE
ip name-server 192.168.7.1
ip name-server 10.10.85.3
ip cef
ipv6 unicast-routing
ipv6 cef
ipv6 dhcp pool INTRANETv6
dns-server FE80::1A03:73FF:FEB0:9DAE
dns-server 2806:109F:1A:F06D:1A03:73FF:FEB0:9DAE
!
!
!
multilink bundle-name authenticated
chat-script cdma "" "atdt#777" TIMEOUT 60 "CONNECT"
license udi pid C887VAG-S-K9 sn FTX17318514
!
!
object-group network local_lan_subnets
10.10.85.0 255.255.255.128
!
!
controller VDSL 0
operating mode adsl2+ annex A
sync mode itu
sra
!
controller Cellular 0
!
!
!
!
!
!
!
!
!
!
!
interface Ethernet0
no ip address
shutdown
!
interface ATM0
no ip address
no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
description DSL_Connection
no ip redirects
no ip unreachables
no ip proxy-arp
pvc 8/81
tx-ring-limit 2
encapsulation aal5snap
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
switchport mode access
no ip address
duplex full
speed 100
spanning-tree portfast
ip dhcp snooping trust
!
interface FastEthernet1
switchport mode trunk
no ip address
duplex full
speed 100
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Cellular0
no ip address
encapsulation ppp
no logging event link-status
shutdown
dialer in-band
dialer string cdma
!
interface Vlan1
ip address 10.10.85.55 255.255.255.128
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
nat64 enable
!
interface Vlan2
no ip address
nat64 enable
ipv6 address INFINITUM-PD ::1/64
ipv6 enable
ipv6 tcp adjust-mss 1432
!
interface Dialer1
description INFINITUM_WAN
mtu 1492
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
no cdp enable
nat64 enable
ipv6 address autoconfig default
ipv6 enable
ipv6 mtu 1472
no ipv6 redirects
no ipv6 unreachables
ipv6 tcp adjust-mss 1432
ipv6 dhcp client pd INFINITUM-PD rapid-commit
ppp mtu adaptive
ppp authentication chap pap callin
ppp chap hostname username
ppp chap password 0 password
ppp pap sent-username username password 0 password
ppp ipcp dns reject
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list nat-list interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1 permanent
!
ip access-list extended nat-list
permit icmp object-group local_lan_subnets any
permit ip object-group local_lan_subnets any
permit tcp object-group local_lan_subnets any
permit udp object-group local_lan_subnets any
deny ip any any
!
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipv6 permit
nat64 prefix stateful 2806:109F:1A::/96
nat64 v6v4 static 2806:109F:1A:F06D:1A03:73FF:FEB0:9DAE 192.168.7.1
ipv6 ioam timestamp
!
access-list 23 permit 10.10.85.0 0.0.0.7
!
ipv6 access-list nat64acl
sequence 1 permit ipv6 2806:109F:1A::/64 any
!

 

With that configuration all the internal IPv4 Clienst can access my IPv6 website. But external IPv4 clients could not. On the IPv6 side, all internal and external could access the website.

Here the sh nat64 statis results:

NAT64 Statistics

Number of NAT64 enabled interfaces: 3

Number of packets translated by stateless NAT64:
Packets translated (IPv4 -> IPv6): 0
Packets translated (IPv6 -> IPv4): 0

Number of packets translated by stateful NAT64:
Packets translated (IPv4 -> IPv6): 511
Packets translated (IPv6 -> IPv4): 494

Number of packets translated by MAP-T:
Packets translated (IPv4 -> IPv6): 0
Packets translated (IPv6 -> IPv4): 0

Number of packets processed by MAP-E:
Packets processed (IPv4 -> IPv6): 0
Packets processed (IPv6 -> IPv4): 0

Global Statistics
Prefix: 64:FF9B::/96
Packets translated (IPv4 -> IPv6): 0
Packets translated (IPv6 -> IPv4): 0
Packets dropped: 0
Prefix: 2806:109F:1A::/96
Packets translated (IPv4 -> IPv6): 41
Packets translated (IPv6 -> IPv4): 21
Packets dropped: 0
Interface Statistics

Total active translations: 1(1 static, 0 dynamic,0 extended)
Active sessions: 0
Number of expired entries: 62

Number of packets:
CEF Translated: 1005 CEF Punted packets: 0
Dropped: 5
Hits: 943 Misses: 62
Dynamic Mapping Statistics
Limit Statistics
Maximum entries limit not configured

 

And my sh nat64 trans, only triggered when internal IPv4 client access the IPv6 website; althouhg it doesn´t triggers when outside IPv4 clients tries to access:

Proto Original IPv4 Translated IPv4
Translated IPv6 Original IPv6
--------------------------------------------------------
tcp 10.10.85.5:56342 [2806:109F:1A::A0A:5505]:56342
192.168.7.1:80 [2806:109F:1A:F06D:1A03:73FF:FEB0:9DAE]:80
tcp 10.10.85.5:56343 [2806:109F:1A::A0A:5505]:56343
192.168.7.1:80 [2806:109F:1A:F06D:1A03:73FF:FEB0:9DAE]:80
tcp 10.10.85.5:56359 [2806:109F:1A::A0A:5505]:56359
192.168.7.1:80 [2806:109F:1A:F06D:1A03:73FF:FEB0:9DAE]:80
tcp 10.10.85.5:56360 [2806:109F:1A::A0A:5505]:56360
192.168.7.1:80 [2806:109F:1A:F06D:1A03:73FF:FEB0:9DAE]:80
--- --- ---
192.168.7.1 2806:109F:1A:F06D:1A03:73FF:FEB0:9DAE

 

Notes:

Server IPv6 address 

2806:109F:1A:F06D:1A03:73FF:FEB0:9DAE

IPv4 address on Dialer Interface (My ISP applied CGNAT): 

10.134.190.182/32

The shared Public Address.

187.136.102.38 

 

Also I´m using Ubuntu 22.04, with Bind9 as DNS64 server, and Apache for Webserver.

Thanks in advanced.

0 Helpful

Go to solution
JulioGarcia
Level 1
Level 1
In response to JulioGarcia

‎06-09-2022 11:02 PM

Greetings @Georg Pauwen , @balaji.bandi 

Hope you are doing well. What do you think about the matter. Thanks in advanced.

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to JulioGarcia

‎06-10-2022 01:10 AM

Hola,

 

the config looks good. When you turn on debugging (debug nat64 all) and your external client hits 192.168.7.1, does anything happen at all ?

 

I wonder if it works with the 'old' ipv6 nat:

 

ipv6 nat v6v4 source ipv6_address 192.168.7.1

 

That of course would involve reconfiguring the entire router back to ipv6 nat...

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card