Wednesday, January 14, 2009

IPv6 NAT-PT

This is a very simple IPv6 NAT-PT scenario. Here is the topology and addressing:


R1 is an IPv6 only host and R2 is an IPv4 only host.
R1 should use address 2001:23::2 to reach R2.
R2 should use 192.168.13.1 to reach R1.
R3 will be doing NAT-PT

Assign addresses per the diagram. The rest of the configuration is on R3.

R3(config)#int e0/0
R3(config-if)#ipv6 nat
R3(config-if)#int e0/1
R3(config-if)#ipv6 nat
R3(config)#ipv6 nat v4v6 source 192.168.23.2 2001:23::2
R3(config)#ipv6 nat v6v4 source 2001:13::1 192.168.13.1
R3(config)#ipv6 nat prefix 2001:23::/96

Remember to assing default gateways on R1 and R2:

R1(config)#ipv6 route 0::/0 2001:13::3

R2(config)#ip route 0.0.0.0 0.0.0.0 192.168.23.3

Let's ping from R1 while debugging on R3:

R3#debug ipv6 nat
IPv6 NAT-PT debugging is on

R1#ping 2001:23::2 re 1

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 2001:23::2, timeout is 2 seconds:
!
Success rate is 100 percent (1/1), round-trip min/avg/max = 4/4/4 ms
R1#

R3#
*Mar 1 13:51:12.323: IPv6 NAT: icmp src (2001:13::1) -> (192.168.13.1), dst (2001:23::2) -> (192.168.23.2)
*Mar 1 13:51:12.327: IPv6 NAT: src (192.168.23.2) -> (2001:23::2), dst (192.168.13.1) -> (2001:13::1)
R3#

Now let's try the other way:

R2#ping 192.168.13.1 re 1

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 192.168.13.1, timeout is 2 seconds:
!
Success rate is 100 percent (1/1), round-trip min/avg/max = 8/8/8 ms
R2#

R3#
*Mar 1 13:53:00.991: IPv6 NAT: src (192.168.23.2) -> (2001:23::2), dst(192.168.13.1) -> (2001:13::1)
*Mar 1 13:53:00.995: IPv6 NAT: icmp src (2001:13::1) -> (192.168.13.1), dst (2001:23::2) -> (192.168.23.2)
R3#

You can view the translations on R3:

R3#sho ipv6 nat translations
Prot IPv4 source IPv6 source
IPv4 destination IPv6 destination
--- --- ---
192.168.23.2 2001:23::2

--- 192.168.13.1 2001:13::1
192.168.23.2 2001:23::2

--- 192.168.13.1 2001:13::1
--- ---


That's it!

5 comments:

  1. you sure this works? what are you addresses on the edge routers?

    R3 IPv6 side: 2001:13::3
    R3 IPv4 side: 192.168.23.3

    R1 side: ?
    R2 side: ?

    ReplyDelete
  2. while pinging from R1 to R2 alternate ping is getting dropped.

    could see that there was no reply from R2 for alternate sequence numbers.

    ReplyDelete
  3. Router# debug ipv6 nat
    ^
    % Invalid input detected at '^' marker.
    I dont understand this wrong

    ReplyDelete
    Replies
    1. eh eh eh.. That's a cool wrong dude!

      Delete

Note: Only a member of this blog may post a comment.