Philip,

Well, NAT-PT is yucky indeed, and Cisco's implementation wasn't particularly bug-free to my personal experience. NAT64/DNS64 is actually a quite nice solution - with limitations, of course. Nothing beats native connectivity.

In any case, my question to the original poster is: Does the User A have a native IPv6 connectivity? According to the figure, it does not seem to be the case - and that would mean that the NAT64 is not applicable.

Perhaps the figure should be updated to more precisely indicate the boundaries of IPv4 and IPv6 connectivity.

Best regards,
Peter

Dear Philip and Peter,

Thanks for your Suggestion, But  Can you help us on NAT 64 configuration part?

Here, I illustrate a simple network because we want to configure NAT64 on Cisco router.

The USER A may have ipv4 or IPv6 connectivity but my WAN interface is IPv6 so whenever USER A come for Web server access the USER A request will hit IPv6 and then it hit to Local IP of web server which is IPv4.

In this case, which configuration is require on Cisco router.? we search the document regarding this, but we didnt find any concrete solution.?

Thanks,

KR Shah

I personally think you are going the wrong way, and should be dual stacking.  However you can choose to ignore this advise.  This is an example of using NAT64.

https://supportforums.cisco.com/document/112121/ipv6-stateful-nat64-configuration-example

Dear Philip,

Thanks for your input. But Our WAN IP is IPv6 address which configured on one interface of router, so my concern is how Cisco router will take ipv4 request over the internet..? for that i need to configure NAT64 right..? because it converts 4 to 6 and 6 to 4... Please correct me if i am wrong.

Thanks,

KR Shah

On the outside of your router you will have both an IPv4 and an IPv6 address configure.  Configure an IPv4 and an IPv6 address on the inside of your router, and on the servers that should be accessible via IPv6.

The router (and servers) will then process both IPv4 and IPv6 requests, natively, with no nasty NAT64.

Dear Philip,

Thanks for your input. We search about NAT64 config example and we found one of the below. We tested in our scenario.

interface GigabitEthernet0/0
 description ipv6 lan
 no ip address
 ip flow ingress
 ip flow egress
 ip virtual-reassembly in
 duplex auto
 speed auto
   ipv6 address 2001:470:C021:1::1/64
 ipv6 enable
 ipv6 nat

!
interface GigabitEthernet0/1
 description  lan
 ip address 192.168.0.1 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
 ipv6 enable
 ipv6 nat
end

!
ipv6 access-list myv6
    remark   ipv6 internal network
    permit ipv6 2001:470:C021:1::/64 any

ipv6 nat v4v6 source 192.168.0.2 2001:178:178::1
ipv6 nat v6v4 source list myv6 interface GigabitEthernet0/1 overload
ipv6 nat prefix 2001:178:178::/96

We configure as it  and we able to access Ipv4  server from Ipv6 user with Ip address of 2001:178:178::1 but this is fake ip. is it possible to configure same configuration without fake ip. means can i use ipv6 nat v4v6 source 192.168.0.2 2001:470:C021:1::4

Please guide us if you can.

Thanks

KR Shah

Has your service provider allocate you some IPv6 address space?  You need some real address space first.

yes, the will provide us real IP address.

So is  2001:470:C021:1::1/64 part of the block you have been allocated by the ISP?

Maybe I have mis-understood.  When you were referring to "fake ip" which IP address did you mean in particular?

You should probably be using something more like (assuming 2001:470:C021:1::2 is not in use), as this is part of the range you have been allocated.

ipv6 nat v4v6 source 192.168.0.2 2001:470:C021:1::2

but Philip 2001:470:C021:1::4 is also the part of range.

Thanks,

KR Shah

Has the ISP routed any other IPv6 prefixes to you?

no