Re: Problem with NAT-PT Static

From: nhatphuc (nhatphuc@gmail.com)
Date: Tue Feb 13 2007 - 08:50:12 ART

• Next message: Darby Weaver: "Re: Cisco and its Partners"
• Previous message: BitGossip: "IEWB4 lab11: voice vlan"
• Maybe in reply to: nhatphuc: "Problem with NAT-PT Static"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Thanks all for replying,

On IPv4 host, I add a static arp entry then it can ping but the reply is
!.!.!

I don't know why it is so.

From Cisco Doc, they don't tell us to add a static arp entry. So Can you
give me a complete configuration for Static NAT-PT of both router and hosts?

Thanks

On 2/13/07, Thomas Fowles <tfowles@gmail.com> wrote:
>
> I just realized that I flipped the prefix lengths (64's and 96's) in my
> email below, but my config was as it should be (static route should have a
> /96).
> Excuse my dyslexia :)
> Hopefully lunch will help me out more than this morning's coffee did.
>
> -Tom
>
> On 2/12/07, Thomas Fowles <tfowles@gmail.com> wrote:
> >
> > Wow ... coffee makes a world of difference in the morning.
> > I think it is a routing issue you are having. I recreated the scenario
> > in dynamips (outstanding emulator!) using the same config you have there:
> >
> > (Rtr A) ------- (Rtr B) ------- (Rtr C)
> > IPv4 IPv4v6 NAT IPv6
> >
> > Rtr B is doing the NAT translation as you depicted with your code
> > snippet. If I ping from the IPv4 host I see the same debug output as you
> > showed and the same behavior.
> >
> > Then on Rtr C I added the following line:
> > RC(config)#ipv6 route 2001::/64 2001:1:1::1
> >
> > Once Rtr C had a route to the 2001::/64 network I was able to get
> > responses in either direction.
> >
> > 2001:0000:0000:0000::/64 and 2001:1:1:0:0:0::/96 are different prefixes
> > and show up separately in the ipv6 routing table.
> > Since we are usually prohibited from using static routes in the lab, you
> > would want to redistribute connected under your ipv6 IGP to advertise the
> > 2001::/64 prefix.
> >
> > Thanks for this question! I've really been wanting to play more with
> > NAT-PT myself.
> > Now this "lab rat" needs to spend some time on his daytime engineering
> > job.
> >
> > -Tom
> >
> >
> > On 2/12/07, Thomas Fowles < tfowles@gmail.com> wrote:
> > >
> > > Nevermind ... missed your debug there :)
> > >
> > > On 2/12/07, Thomas Fowles <tfowles@gmail.com > wrote:
> > > >
> > > > Does 2001:1:1::10 have a route back to 2001::20 ?
> > > >
> > > > On 2/11/07, nhatphuc < nhatphuc@gmail.com> wrote:
> > > > >
> > > > > I've tried putting ipv6 nat prefix in global config mode, but it
> > > > > doesn't
> > > > > help.
> > > > >
> > > > > Thanks
> > > > >
> > > > >
> > > > > On 2/11/07, srdja blagojevic < srdja1@pexim.co.yu> wrote:
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > My gess is that you put ipv6 nat prefix on wrong interface. From
> > > > > DocCD
> > > > > > (Config Guide):
> > > > > >
> > > > > > ...The NAT-PT prefix is used to match a destination address of
> > > > > an IPv6
> > > > > > packet. If the match is successful, NAT-PT will use the
> > > > > configured address
> > > > > > mapping rules to translate the IPv6 packet to an IPv4 packet....
> > > > > >
> > > > > > This mean that you should put it on Gi0/1 since on that
> > > > > interface you will
> > > > > > have destination ipv6 prefix. I guess that better practise is to
> > > > > put ipv6
> > > > > > nat prefix in global config mode.
> > > > > >
> > > > > > HTH,
> > > > > > Srdja
> > > > > >
> > > > > > -----Original Message-----
> > > > > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> > > > > Behalf Of
> > > > > > nhatphuc
> > > > > > Sent: Sunday, February 11, 2007 04:34
> > > > > > To: Cisco certification
> > > > > > Subject: Problem with NAT-PT Static
> > > > > >
> > > > > > Hi GS,
> > > > > >
> > > > > > I configure NAT-PT as follow:
> > > > > >
> > > > > > interface GigabitEthernet0/0
> > > > > > ip address 172.16.1.1 255.255.255.0
> > > > > > duplex auto
> > > > > > speed auto
> > > > > > ipv6 enable
> > > > > > ipv6 nat prefix 2001::/96
> > > > > > ipv6 nat
> > > > > > !
> > > > > > interface GigabitEthernet0/1
> > > > > > no ip address
> > > > > > duplex auto
> > > > > > speed auto
> > > > > > ipv6 address 2001:1:1::1/64
> > > > > > ipv6 enable
> > > > > > ipv6 nat
> > > > > >
> > > > > > ipv6 nat v4v6 source 172.16.1.2 2001::20
> > > > > > ipv6 nat v6v4 source 2001:1:1::10 172.16.1.20
> > > > > >
> > > > > > I can ping from IPv6 Host, but don't receive any reply:
> > > > > >
> > > > > > R(config)#do sh ipv6 nat trans
> > > > > > Prot IPv4 source IPv6 source
> > > > > > IPv4 destination IPv6 destination
> > > > > > --- --- ---
> > > > > > 172.16.1.2 2001::20
> > > > > >
> > > > > > --- 172.16.1.20 2001:1:1::10
> > > > > > --- ---
> > > > > >
> > > > > > C:\>ping 2001::20
> > > > > >
> > > > > > Pinging 2001::20 from 2001:1:1::10 with 32 bytes of data:
> > > > > >
> > > > > > Request timed out.
> > > > > > Request timed out.
> > > > > > Request timed out.
> > > > > > Request timed out.
> > > > > >
> > > > > > Ping statistics for 2001::20:
> > > > > > Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), C:\>
> > > > > >
> > > > > > R(config)#
> > > > > > *Feb 10 20:28:55.327: IPv6 NAT: icmp src (2001:1:1::10) -> (
> > > > > 172.16.1.20),
> > > > > > dst (2001::20) -> (172.16.1.2) *Feb 10 20:28:59.947: IPv6 NAT:
> > > > > icmp src
> > > > > > (2001:1:1::10) -> ( 172.16.1.20), dst (2001::20) -> ( 172.16.1.2)
> > > > > *Feb 10
> > > > > > 20:29:04.947: IPv6 NAT: icmp src (2001:1:1::10) -> ( 172.16.1.20),
> > > > > dst
> > > > > > (2001::20) -> (172.16.1.2 ) *Feb 10 20:29:09.947: IPv6 NAT: icmp
> > > > > src
> > > > > > (2001:1:1::10) -> (172.16.1.20), dst (2001::20) -> ( 172.16.1.2)
> > > > > > R(config)#do
> > > > > > sh ipv6 nat trans
> > > > > > Prot IPv4 source IPv6 source
> > > > > > IPv4 destination IPv6 destination
> > > > > > --- --- ---
> > > > > > 172.16.1.2 2001::20
> > > > > >
> > > > > > --- 172.16.1.20 2001:1:1::10
> > > > > > 172.16.1.2 2001::20
> > > > > >
> > > > > > --- 172.16.1.20 2001:1:1::10
> > > > > > --- ---
> > > > > >
> > > > > > R(config)#
> > > > > >
> > > > > > From IPv4 host, I ping:
> > > > > >
> > > > > > HostIPv4#ping 172.16.1.20
> > > > > >
> > > > > > Type escape sequence to abort.
> > > > > > Sending 5, 100-byte ICMP Echos to 172.16.1.20, timeout is 2
> > > > > seconds:
> > > > > > .....
> > > > > > Success rate is 0 percent (0/5)
> > > > > >
> > > > > > From ROUTER NAT-PT, I can ping both:
> > > > > >
> > > > > > R#ping 172.16.1.2
> > > > > >
> > > > > > Type escape sequence to abort.
> > > > > > Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2
> > > > > seconds:
> > > > > > !!!!!
> > > > > > Success rate is 100 percent (5/5), round-trip min/avg/max =
> > > > > 1/1/4 ms
> > > > > > R#ping
> > > > > > 2001:1:1::10
> > > > > >
> > > > > > Type escape sequence to abort.
> > > > > > Sending 5, 100-byte ICMP Echos to 2001:1:1::10, timeout is 2
> > > > > seconds:
> > > > > > !!!!!
> > > > > > Success rate is 100 percent (5/5), round-trip min/avg/max =
> > > > > 0/0/4 ms R#
> > > > > >
> > > > > > Did I miss anything?
> > > > > >
> > > > > > Thanks
> > > > > >
> > > > > >
> > > > > _______________________________________________________________________
> > > > > > Subscription information may be found at:
> > > > > > http://www.groupstudy.com/list/CCIELab.html
> > > > >
> > > > > _______________________________________________________________________
> > > > >
> > > > > Subscription information may be found at:
> > > > > http://www.groupstudy.com/list/CCIELab.html

• Next message: Darby Weaver: "Re: Cisco and its Partners"
• Previous message: BitGossip: "IEWB4 lab11: voice vlan"
• Maybe in reply to: nhatphuc: "Problem with NAT-PT Static"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Mar 01 2007 - 07:38:46 ART