Guest

IP Addressing Services

Static NAT-PT for IPv6 Configuration Example

Cisco - Static NAT-PT for IPv6 Configuration Example

Document ID: 113275

Updated: Sep 10, 2012

   Print

Introduction

The Network Address Translation - Port Translation (NAT-PT) is an IPv6 to IPv4 translation mechanism, which allows IPv6-only devices to communicate with IPv4-only devices and vice versa. NAT-PT is designed to be deployed to allow direct communication between IPv6-only networks and IPv4-only networks transparently that use a single V4 address.

This document explains how to implement Static NAT-PT that uses a configuration example where IPv6 network nodes communicate with IPv4 network nodes that use an IPv6 mapping of the IPv4 address configured on the NAT-PT router.

Prerequisites

Requirements

Ensure that you meet these requirements before you attempt this configuration:

  • Basic knowledge of NAT concepts and operations.

  • Basic knowledge of IPv6 Addressing Scheme

  • Basic knowledge of IPv6 Static Routing

Note: NAT-PT has been deemed deprecated by IETF because of its tight coupling with Domain Name System (DNS) and its general limitations in translation, and it has proven as technology to be too complex to maintain scalable translational services. With the deprecation of NAT-PT and the increasing IPv6 transition among users has led to the introduction of NAT64. Refer to these documents for more information on NAT64:

Components Used

The configurations in this document are based on the Cisco 3700 series router on Cisco IOS® Software Release 12.4 (15)T 13.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Configure

In this example, three routers R1, R2 and R3 are connected through a serial interface where R1 acts as NAT-PT router, which connects to the router R2 using IPv4 address and to R3 using IPv6 address.

Note: NAT-PT is not supported in Cisco Express Forwarding (CEF) and has to be disabled.

Note: Use the Command Lookup Tool (registered customers only) in order to find more information on the commands used in this document.

Network Diagram

This example uses this network setup:

nat-ptv6-01.gif

Configurations

This example uses these configuration:

R1 Configuration
hostname R1
ipv6 unicast-routing
!
interface Serial0/0
 ip address 192.168.30.10 255.255.255.0
 duplex auto
 speed auto
 ipv6 nat
!
interface Serial0/1
 no ip address
 duplex auto
 speed auto
 ipv6 address 2001:DB8:3002::9/64
 ipv6 enable
!
ipv6 route ::/0 2001:DB8:3002::10
ipv6 nat v4v6 source 192.168.30.9 2000::960B:202

!--- Translates the ipv4 add of R2 fa0/0 to ipv6 address.
          
ipv6 nat v6v4 source 3001:11:0:1::1 150.11.3.1

!--- Translates the ipv6 add of loop0 of R3 to ipv4 address.
              
ipv6 nat prefix 2000::/96

!--- The destination prefixes that matches 2000::/96 
!--- are translated by NAT-PT.
                            
!
end

R2 Configuration
hostname R2
!
interface Serial0/0
 ip address 192.168.30.9 255.255.255.0
 duplex auto
 speed auto
!
ip route 0.0.0.0 0.0.0.0 192.168.30.10
!

!
end

R3 Configuration
hostname R3
ipv6 unicast-routing
!
interface Loopback0
 no ip address
 ipv6 address 3001:11:0:1::1/64
!
interface Serial0/0
 no ip address
 duplex auto
 speed auto
 ipv6 address 2001:DB8:3002::10/64
!
ipv6 route ::/0 2001:DB8:3002::9
!

Verify

Use this section in order to confirm that your configuration works properly.

In router R3

Now any packet from IPv6 address of Loopback0 of R3 should be able to reach fa0/0 IPv4 address of R2 using the IPv6 address 2000::960B:202 as shown here:

Ping
R3#ping 2000::960b:202 sou lo 0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2000::960B:202, timeout is 2 seconds:
Packet sent with a source address of 3001:11:0:1::1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/60/124 ms

!--- This shows that the router R3 is able to reach 
!--- the router R2 through lo address 3001:11:0:1::1.

In router R2

Ping
R2#ping 150.11.3.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.11.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/68/120 ms

!--- The successful ping response shows that the router R2
!--- is able to reach the IPv6 network.

In router R1

show ipv6 nat translations

show ipv6 nat translations
R1#show ipv6 nat translations
Prot  IPv4 source              IPv6 source
      IPv4 destination         IPv6 destination
---   ---                      ---
      192.168.30.9             2000::960B:202

---   150.11.3.1               3001:11:0:1::1
      ---                      ---

R1#show ipv6 nat translations
Prot  IPv4 source              IPv6 source
      IPv4 destination         IPv6 destination
---   ---                      ---
      192.168.30.9             2000::960B:202

---   150.11.3.1               3001:11:0:1::1
      ---                      ---

!--- This command displays the active NAT-PT translations in the router.

debug ipv6 nat detailed

debug ipv6 nat detailed
R1#debug ipv6 nat detailed
R1#
*Mar  1 09:12:41.877: IPv6 NAT: Found prefix 2000::/96
*Mar  1 09:12:41.881: IPv6 NAT: IPv4->IPv6:
                 src (192.168.30.9 -> 2000::960B:202)
                 dst (0.0.0.0 -> ::)
                 ref_count = 1, usecount = 0, flags = 513,
                 rt_flags = 0, more_flags = 0

*Mar  1 09:12:41.881: IPv6 NAT: IPv4->IPv6:
                 src (0.0.0.0 -> ::)
                 dst (150.11.3.1 -> 3001:11:0:1::1)
                 ref_count = 1, usecount = 0, flags = 257,
                 rt_flags = 0, more_flags = 0

*Mar  1 09:12:41.925: IPv6 NAT: IPv6->IPv4:
                 src (3001:11:0:1::1 -> 150.11.3.1)
                 dst (2000::960B:202 -> 192.168.30.9)
                 ref_count = 1, usecount = 0, flags = 2,
                 rt_flags = 0, more_flags = 0

*Mar  1 09:12:41.925: IPv6 NAT: icmp src (3001:11:0:1::1) -> (150.11.3.1), 
                 dst (2000::960B:202) -> (192.168.30.9)
*Mar  1 09:12:41.965: IPv6 NAT: Found prefix 2000::/96
*Mar  1 09:12:41.965: IPv6 NAT: IPv4->IPv6:
                 src (192.168.30.9 -> 2000::960B:202)
                 dst (150.11.3.1 -> 3001:11:0:1::1)
                 ref_count = 1, usecount = 0, flags = 2,
                 rt_flags = 0,


!--- This command displays detailed information about NAT-PT events.

Related Information

Updated: Sep 10, 2012
Document ID: 113275