From: Thomas Fowles (tfowles@gmail.com)
Date: Mon Feb 12 2007 - 12:48:57 ART
Wow ... coffee makes a world of difference in the morning.
I think it is a routing issue you are having. I recreated the scenario in
dynamips (outstanding emulator!) using the same config you have there:
(Rtr A) ------- (Rtr B) ------- (Rtr C)
IPv4 IPv4v6 NAT IPv6
Rtr B is doing the NAT translation as you depicted with your code snippet.
If I ping from the IPv4 host I see the same debug output as you showed and
the same behavior.
Then on Rtr C I added the following line:
RC(config)#ipv6 route 2001::/64 2001:1:1::1
Once Rtr C had a route to the 2001::/64 network I was able to get responses
in either direction.
2001:0000:0000:0000::/64 and 2001:1:1:0:0:0::/96 are different prefixes and
show up separately in the ipv6 routing table.
Since we are usually prohibited from using static routes in the lab, you
would want to redistribute connected under your ipv6 IGP to advertise the
2001::/64 prefix.
Thanks for this question! I've really been wanting to play more with NAT-PT
myself.
Now this "lab rat" needs to spend some time on his daytime engineering job.
-Tom
On 2/12/07, Thomas Fowles <tfowles@gmail.com> wrote:
>
> Nevermind ... missed your debug there :)
>
> On 2/12/07, Thomas Fowles <tfowles@gmail.com> wrote:
> >
> > Does 2001:1:1::10 have a route back to 2001::20 ?
> >
> > On 2/11/07, nhatphuc < nhatphuc@gmail.com> wrote:
> > >
> > > I've tried putting ipv6 nat prefix in global config mode, but it
> > > doesn't
> > > help.
> > >
> > > Thanks
> > >
> > >
> > > On 2/11/07, srdja blagojevic < srdja1@pexim.co.yu> wrote:
> > > >
> > > >
> > > >
> > > >
> > > > My gess is that you put ipv6 nat prefix on wrong interface. From
> > > DocCD
> > > > (Config Guide):
> > > >
> > > > ...The NAT-PT prefix is used to match a destination address of an
> > > IPv6
> > > > packet. If the match is successful, NAT-PT will use the configured
> > > address
> > > > mapping rules to translate the IPv6 packet to an IPv4 packet....
> > > >
> > > > This mean that you should put it on Gi0/1 since on that interface
> > > you will
> > > > have destination ipv6 prefix. I guess that better practise is to put
> > > ipv6
> > > > nat prefix in global config mode.
> > > >
> > > > HTH,
> > > > Srdja
> > > >
> > > > -----Original Message-----
> > > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> > > Of
> > > > nhatphuc
> > > > Sent: Sunday, February 11, 2007 04:34
> > > > To: Cisco certification
> > > > Subject: Problem with NAT-PT Static
> > > >
> > > > Hi GS,
> > > >
> > > > I configure NAT-PT as follow:
> > > >
> > > > interface GigabitEthernet0/0
> > > > ip address 172.16.1.1 255.255.255.0
> > > > duplex auto
> > > > speed auto
> > > > ipv6 enable
> > > > ipv6 nat prefix 2001::/96
> > > > ipv6 nat
> > > > !
> > > > interface GigabitEthernet0/1
> > > > no ip address
> > > > duplex auto
> > > > speed auto
> > > > ipv6 address 2001:1:1::1/64
> > > > ipv6 enable
> > > > ipv6 nat
> > > >
> > > > ipv6 nat v4v6 source 172.16.1.2 2001::20
> > > > ipv6 nat v6v4 source 2001:1:1::10 172.16.1.20
> > > >
> > > > I can ping from IPv6 Host, but don't receive any reply:
> > > >
> > > > R(config)#do sh ipv6 nat trans
> > > > Prot IPv4 source IPv6 source
> > > > IPv4 destination IPv6 destination
> > > > --- --- ---
> > > > 172.16.1.2 2001::20
> > > >
> > > > --- 172.16.1.20 2001:1:1::10
> > > > --- ---
> > > >
> > > > C:\>ping 2001::20
> > > >
> > > > Pinging 2001::20 from 2001:1:1::10 with 32 bytes of data:
> > > >
> > > > Request timed out.
> > > > Request timed out.
> > > > Request timed out.
> > > > Request timed out.
> > > >
> > > > Ping statistics for 2001::20:
> > > > Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), C:\>
> > > >
> > > > R(config)#
> > > > *Feb 10 20:28:55.327: IPv6 NAT: icmp src (2001:1:1::10) -> (
> > > 172.16.1.20),
> > > > dst (2001::20) -> (172.16.1.2) *Feb 10 20:28:59.947: IPv6 NAT: icmp
> > > src
> > > > (2001:1:1::10) -> ( 172.16.1.20), dst (2001::20) -> ( 172.16.1.2)
> > > *Feb 10
> > > > 20:29:04.947: IPv6 NAT: icmp src (2001:1:1::10) -> ( 172.16.1.20),
> > > dst
> > > > (2001::20) -> (172.16.1.2 ) *Feb 10 20:29:09.947: IPv6 NAT: icmp src
> > > > (2001:1:1::10) -> (172.16.1.20), dst (2001::20) -> ( 172.16.1.2)
> > > > R(config)#do
> > > > sh ipv6 nat trans
> > > > Prot IPv4 source IPv6 source
> > > > IPv4 destination IPv6 destination
> > > > --- --- ---
> > > > 172.16.1.2 2001::20
> > > >
> > > > --- 172.16.1.20 2001:1:1::10
> > > > 172.16.1.2 2001::20
> > > >
> > > > --- 172.16.1.20 2001:1:1::10
> > > > --- ---
> > > >
> > > > R(config)#
> > > >
> > > > From IPv4 host, I ping:
> > > >
> > > > HostIPv4#ping 172.16.1.20
> > > >
> > > > Type escape sequence to abort.
> > > > Sending 5, 100-byte ICMP Echos to 172.16.1.20, timeout is 2 seconds:
> > >
> > > > .....
> > > > Success rate is 0 percent (0/5)
> > > >
> > > > From ROUTER NAT-PT, I can ping both:
> > > >
> > > > R#ping 172.16.1.2
> > > >
> > > > Type escape sequence to abort.
> > > > Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:
> > > > !!!!!
> > > > Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
> > > > R#ping
> > > > 2001:1:1::10
> > > >
> > > > Type escape sequence to abort.
> > > > Sending 5, 100-byte ICMP Echos to 2001:1:1::10, timeout is 2
> > > seconds:
> > > > !!!!!
> > > > Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/4 ms
> > > R#
> > > >
> > > > Did I miss anything?
> > > >
> > > > Thanks
> > > >
> > > >
> > > _______________________________________________________________________
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> > >
> > > _______________________________________________________________________
> > >
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Thu Mar 01 2007 - 07:38:46 ART