01-18-2016 10:19 PM - edited 03-01-2019 05:49 PM
Kindly guide us on implementation of IPv6. Which configuration we require to do as there 2 option here. One is NAT-PT and other is NAT 64.As per our knowledge we require to configure NAT64 on both interface as show in figure. we configure also IPv6 Unicast routing.? what else we require to configure regarding IPv6 so USER A can access web server over IPv6.
Please suggest what other configuration that are require to do.?
Thanks
01-18-2016 11:24 PM
Don't use either. They are yucky.
Why can't you roll out IPv6 on your firewall and web server, and run them dual stack?
01-19-2016 02:43 AM
Philip,
Well, NAT-PT is yucky indeed, and Cisco's implementation wasn't particularly bug-free to my personal experience. NAT64/DNS64 is actually a quite nice solution - with limitations, of course. Nothing beats native connectivity.
In any case, my question to the original poster is: Does the User A have a native IPv6 connectivity? According to the figure, it does not seem to be the case - and that would mean that the NAT64 is not applicable.
Perhaps the figure should be updated to more precisely indicate the boundaries of IPv4 and IPv6 connectivity.
Best regards,
Peter
01-19-2016 09:12 PM
Dear Philip and Peter,
Thanks for your Suggestion, But Can you help us on NAT 64 configuration part?
Here, I illustrate a simple network because we want to configure NAT64 on Cisco router.
The USER A may have ipv4 or IPv6 connectivity but my WAN interface is IPv6 so whenever USER A come for Web server access the USER A request will hit IPv6 and then it hit to Local IP of web server which is IPv4.
In this case, which configuration is require on Cisco router.? we search the document regarding this, but we didnt find any concrete solution.?
Thanks,
KR Shah
01-19-2016 10:16 PM
I personally think you are going the wrong way, and should be dual stacking. However you can choose to ignore this advise. This is an example of using NAT64.
https://supportforums.cisco.com/document/112121/ipv6-stateful-nat64-configuration-example
01-20-2016 12:51 AM
Dear Philip,
Thanks for your input. But Our WAN IP is IPv6 address which configured on one interface of router, so my concern is how Cisco router will take ipv4 request over the internet..? for that i need to configure NAT64 right..? because it converts 4 to 6 and 6 to 4... Please correct me if i am wrong.
Thanks,
KR Shah
01-20-2016 12:15 PM
On the outside of your router you will have both an IPv4 and an IPv6 address configure. Configure an IPv4 and an IPv6 address on the inside of your router, and on the servers that should be accessible via IPv6.
The router (and servers) will then process both IPv4 and IPv6 requests, natively, with no nasty NAT64.
01-20-2016 08:36 PM
Dear Philip,
Thanks for your input. We search about NAT64 config example and we found one of the below. We tested in our scenario.
interface GigabitEthernet0/0
description ipv6 lan
no ip address
ip flow ingress
ip flow egress
ip virtual-reassembly in
duplex auto
speed auto
ipv6 address 2001:470:C021:1::1/64
ipv6 enable
ipv6 nat
!
interface GigabitEthernet0/1
description lan
ip address 192.168.0.1 255.255.255.0
duplex auto
speed auto
media-type rj45
ipv6 enable
ipv6 nat
end
!
ipv6 access-list myv6
remark ipv6 internal network
permit ipv6 2001:470:C021:1::/64 any
ipv6 nat v4v6 source 192.168.0.2 2001:178:178::1
ipv6 nat v6v4 source list myv6 interface GigabitEthernet0/1 overload
ipv6 nat prefix 2001:178:178::/96
We configure as it and we able to access Ipv4 server from Ipv6 user with Ip address of 2001:178:178::1 but this is fake ip. is it possible to configure same configuration without fake ip. means can i use ipv6 nat v4v6 source 192.168.0.2 2001:470:C021:1::4
Please guide us if you can.
Thanks
KR Shah
01-20-2016 08:39 PM
Has your service provider allocate you some IPv6 address space? You need some real address space first.
01-20-2016 08:42 PM
yes, the will provide us real IP address.
01-20-2016 08:44 PM
So is 2001:470:C021:1::1/64 part of the block you have been allocated by the ISP?
Maybe I have mis-understood. When you were referring to "fake ip" which IP address did you mean in particular?
01-20-2016 08:46 PM
You should probably be using something more like (assuming 2001:470:C021:1::2 is not in use), as this is part of the range you have been allocated.
ipv6 nat v4v6 source 192.168.0.2 2001:470:C021:1::2
01-20-2016 09:01 PM
but Philip 2001:470:C021:1::4 is also the part of range.
Thanks,
KR Shah
01-20-2016 09:16 PM
Has the ISP routed any other IPv6 prefixes to you?
01-20-2016 09:19 PM
no
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide