ipv6 nat issue

From: robert.steeneken@getronics.com
Date: Sun Sep 30 2007 - 14:43:53 ART

• Next message: Scott Morris: "RE: Ipexpert lab FR question"
• Previous message: Meried Bekele: "Re: rate-limiting"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hello group,

I am working on ipv6 nat to connect ipv6 network to a ipv4 network.
This is the situation

  .10 14.14.10.0/24 .2 :2 2001:22:2::/64 :22 2001:22:22::/64
R1----------------------R2--------------------------BB2---
          IPV4 Fa0/0 s1/0 IPV6

So I use R2 to nat between ipv4 and ipv6. So users from behind BB2 can telnet to R1 using a ipv6 address representing the ipv4 address of R1.
Config R2

interface FastEthernet0/0
 ip address 14.14.10.2 255.255.255.0
 ipv6 nat
!
interface Serial1/0
 ipv6 address 2001:22:2::2/64
 ipv6 nat
!
ipv6 nat v4v6 source 14.14.10.10 2001:14:14::10
ipv6 nat v6v4 source list V6LIST interface FastEthernet0/0 overload
ipv6 nat prefix 2001:14:14::10/96
!
ipv6 access-list V6LIST
 permit ipv6 2001:22:22::/64 host 2001:14:14::10
!

When I ping from R2's lan to 2001:14:14::10 it works.

BB2#ping 2001:14:14::10 source e0/0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:14:14::10, timeout is 2 seconds:
Packet sent with a source address of 2001:22:22::22
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/59/100 ms

R2#sh ipv6 nat translations
Prot IPv4 source IPv6 source
      IPv4 destination IPv6 destination
--- --- ---
      14.14.10.10 2001:14:14::10

tcp 14.14.10.2,13374 2001:22:22::22,13374
      14.14.10.10,23 2001:14:14::10,23

But when I change the ipv4 nat source address from the ip address of interface Fa0/0 to an ipv4 pool address I miss half of the pings.
!
ipv6 nat v4v6 source 14.14.10.10 2001:14:14::10
ipv6 nat v6v4 source list V6LIST pool IPV4
ipv6 nat v6v4 pool IPV4 14.14.22.1 14.14.22.254 prefix-length 24
ipv6 nat prefix 2001:14:14::10/96
!
BB2#ping 2001:14:14::10 source e0/0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:14:14::10, timeout is 2 seconds:
Packet sent with a source address of 2001:22:22::22
!.!.!
Success rate is 60 percent (3/5), round-trip min/avg/max = 8/57/136 ms

R2#sh ipv6 nat translations
Prot IPv4 source IPv6 source
      IPv4 destination IPv6 destination
--- --- ---
      14.14.10.10 2001:14:14::10

icmp 14.14.22.2,6252 2001:22:22::22,6252
      14.14.10.10,6252 2001:14:14::10,6252

I am trying this on a Laptop with dynamips so I have no idea if thats the problem or I miss something. On both R1 and BB2 are static routes to R2 for the nat addresses. My homelab is not able to test IPV6. When I debug ipv6 nat on R2 it looks like half of the time the router has no nat entry so that will explains the miss of pings.

• Next message: Scott Morris: "RE: Ipexpert lab FR question"
• Previous message: Meried Bekele: "Re: rate-limiting"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:17 ART