Re: IPV6 NAT-PT

From: Chris Riling (criling@gmail.com)
Date: Fri Nov 02 2007 - 20:32:40 ART

• Next message: Scott Morris: "RE: is it necessary to map L3 to L2 add of IPv6 in frame-relay"
• Previous message: Chris Riling: "Re: "NTP disable" interface configuration command"
• Maybe in reply to: shiran guez: "IPV6 NAT-PT"
• Next in thread: shiran guez: "Re: IPV6 NAT-PT"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I don't really have a lot of experience with NAT-PT per se, so I'm not
claiming any bit of correctness here, but I've read the article in the v6
section of the DocCD and I've done a little bit of research, and this is how
I basically understand it in my screwed up little head:

It's basically configured the same as IPv4 NAT, just slightly different
commands to enable NAT under the interfaces themselves - "ipv6 nat", butthe
general process is the same. You're just rewriting packets as you
forward between stacks instead of public / private v4 space in the same
stack. (in most scenarios, like we're used to).

I think you guys are getting somewhat confused in the fact that you guys are
also talking about IPv4 compatible v6 addresses, which incorporate the hex
equivalent of a v4 address in the low order bits of a v6 address - this, as
I understand it, is not necessary when dealing with NAT-PT, only
in tunneling scenarios... You can play with this at a site like
www.ip-lookup.net and compare it while you play with windows calulator and
do the dec --> hex conversion, until you get a feel for how that works...

I'm probably wrong, but I thought I'd take a crack at it :)

Thanks,

Chris

On 11/2/07, shiran guez <shiranp3@gmail.com> wrote:
>
> Tried already to ping the hex the bin the dec and every other format I can
> think of, things are not clear here both logically and not technically.
>
> I hope to find some more answerer's about this soon that will clear the
> air
> as there is noting more annoying to read and test something and not
> understand how and why it do not work.
>
>
>
>
>
> On 11/2/07, Phillip.McCollum@ins.com <Phillip.McCollum@ins.com> wrote:
> >
> > Shiran,
> >
> >
> >
> > After looking over the documentation again, you're right, it's not very
> > clear. I believe that from the IPv6 source host, you need to ping the
> HEX
> > version of the IPv4 address appended to the NAT-PT prefix. So in your
> > example below, if you want to reach 10.1.45.5, you need to ping
> > 2000::0a01:2D05. Give that a shot and let us know the results! This
> document
> > seems to spell things out a little better:
> >
> >
> >
> > http://tinyurl.com/ypo3kx
> >
> >
> >
> > HTH,
> >
> > Phillip
> >
> >
> >
> > *From:* shiran guez [mailto:shiranp3@gmail.com]
> > *Sent:* Thursday, November 01, 2007 11:12 PM
> > *To:* McCollum, Phillip
> > *Cc:* ccielab@groupstudy.com
> > *Subject:* Re: IPV6 NAT-PT
> >
> >
> >
> > what dose it mean destination
> > address = 2000::192.168.1.1 how can you ping 2000::192.168.1.1
> >
> >
> >
> > R4#ping 2000::10.1.45.5
> > % Unrecognized host or address, or protocol not running.
> >
> > interface Ethernet0/1
> > no ip address
> > half-duplex
> > ipv6 address 2001:CC1E:146:146::4/64
> > ipv6 nat
> > ipv6 rip RIPng enable
> > ipv6 rip RIPng default-information originate
> > !
> > !
> > interface Serial1/1
> > ip address 10.1.45.4 255.255.255.0
> > ipv6 nat
> > !
> > !
> > ipv6 nat v4v6 source 10.1.45.5 2001:CC1E:5::5
> > ipv6 nat v6v4 source route-map PT-SOURCE pool v4pool
> > ipv6 nat v6v4 pool v4pool 10.1.45.10 10.1.45.50 prefix-length 24
> > ipv6 nat prefix 2000::/96 v4-mapped v4map_acl
> > !
> > !
> > ipv6 prefix-list PT-LIST seq 5 permit 2001:CC1E:146:146::/64
> > ipv6 prefix-list PT-LIST seq 10 permit 2001:150:1:6::/64
> > route-map PT-SOURCE permit 10
> > match ipv6 address prefix-list PT-LIST
> > !
> >
> > R4 is connected via Serial to R5, R5 is pure v4 and R4 is the NAT-PT
> >
> > behind R4 there are R1 and R6 over a Ethernet R6 is Pure v6 and R1 is
> dual
> > mode but with no NAT-PT or any other connection between the protocols.
> >
> > I want to be able to Ping from R6 to the v4 domain and from the v4
> Domain
> > to ping to v6 Domain Dynamically.
> >
> > In my configuration I went according to the Documentation and I do not
> > understand practically how the Dynamic works.
> >
> >
> >
> >
> >
> >
> > On 11/2/07, *Phillip.McCollum@ins.com* <Phillip.McCollum@ins.com >
> wrote:
> >
> > Shiran,
> >
> > I was pretty confused when working with this as well. Read over this
> > line and see if it helps to sink in. Taken from
> > http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/
> > ipv6_c/sa_natpt.htm#wp1079515:
> >
> > ==========
> > Enabling Traffic to be Sent from an IPv6 Network to an IPv4 Network
> > without Using IPv6 Dastination Address Mapping: Example
> >
> > In the following example, the access list permits any IPv6 source
> > address with the prefix 2001::/96 to go to the destination with a
> > 2000::/96 prefix. The destination is then translated to the last 32 bit
> > of its IPv6 address; for example: source address = 2001::1, destination
> > address = 2000::192.168.1.1. The destination then becomes 192.168.1.1 in
> > the IPv4 network:
> >
> > ipv6 nat prefix 2000::/96 v4-mapped v4map_acl
> >
> > ipv6 access-list v4map_acl
> > permit ipv6 2001::/96 2000::/96
> >
> > ==========
> >
> > Phillip
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > shiran guez
> > Sent: Thursday, November 01, 2007 1:00 PM
> > To: Cisco certification
> > Subject: IPV6 NAT-PT
> >
> > I am going out of my mind to figure out this, it seam like this
> > technology
> > do not want to go trough my head.
> > I already went trough the RFC and the Cisco DOC from univercd, but it is
> > not
> > sinking in.
> >
> >
> > I understand how the Static 1 to 1 work, but the Dynamic I do not see
> > how
> > can you set a range of address on one protocol and on the other protocol
> > without linking them one to one
> >
> > for say I have IPv6 Network on one side and IPV4 on the other side and
> > NAT-PT between them, if i set a pool of IPv4 and a Prefix of /96 for the
> > IPv6 what address should I ping from the IPv6 to the IPv4 to reach a
> > specific node if it is not mapped how can he know where to go?
> >
> > if some one have a better explanation and a working sample config I
> > would
> > much appreciate it as I am pooling hare as we speak.
> >
> >
> > --
> > Shiran Guez
> > MCSE CCNP NCE1
> > http://cciep3.blogspot.com
> > http://www.linkedin.com/in/cciep3
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> > --
> > Shiran Guez
> > MCSE CCNP NCE1
> > http://cciep3.blogspot.com
> > http://www.linkedin.com/in/cciep3
> >
>
>
>
> --
> Shiran Guez
> MCSE CCNP NCE1
> http://cciep3.blogspot.com
> http://www.linkedin.com/in/cciep3
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Scott Morris: "RE: is it necessary to map L3 to L2 add of IPv6 in frame-relay"
• Previous message: Chris Riling: "Re: "NTP disable" interface configuration command"
• Maybe in reply to: shiran guez: "IPV6 NAT-PT"
• Next in thread: shiran guez: "Re: IPV6 NAT-PT"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:27 ART