From: shiran guez (shiranp3@gmail.com)
Date: Sat Nov 03 2007 - 04:25:40 ART
Chris, for your benefit I suggest you try to test it on a live router or
Dynamips and after few hours I Guss you will come back here and ask what we
asked here.
NAT-PT is not like NAT as NAT is translating one IP to another IP, NAT-PT is
a protocol translator, the router need to translate each packet from one
protocol to another.
Read the RFC 2766 you will see all the complexity behind it.
On 11/3/07, Chris Riling <criling@gmail.com> wrote:
>
> I don't really have a lot of experience with NAT-PT per se, so I'm not
> claiming any bit of correctness here, but I've read the article in the v6
> section of the DocCD and I've done a little bit of research, and this is how
> I basically understand it in my screwed up little head:
>
> It's basically configured the same as IPv4 NAT, just slightly different
> commands to enable NAT under the interfaces themselves - "ipv6 nat", butthe
> general process is the same. You're just rewriting packets as you
> forward between stacks instead of public / private v4 space in the same
> stack. (in most scenarios, like we're used to).
>
> I think you guys are getting somewhat confused in the fact that you guys
> are also talking about IPv4 compatible v6 addresses, which incorporate the
> hex equivalent of a v4 address in the low order bits of a v6 address - this,
> as I understand it, is not necessary when dealing with NAT-PT, only
> in tunneling scenarios... You can play with this at a site like
> www.ip-lookup.net and compare it while you play with windows calulator and
> do the dec --> hex conversion, until you get a feel for how that works...
>
> I'm probably wrong, but I thought I'd take a crack at it :)
>
> Thanks,
>
> Chris
>
>
> On 11/2/07, shiran guez <shiranp3@gmail.com> wrote:
> >
> > Tried already to ping the hex the bin the dec and every other format I
> > can
> > think of, things are not clear here both logically and not technically.
> >
> > I hope to find some more answerer's about this soon that will clear the
> > air
> > as there is noting more annoying to read and test something and not
> > understand how and why it do not work.
> >
> >
> >
> >
> >
> > On 11/2/07, Phillip.McCollum@ins.com <Phillip.McCollum@ins.com> wrote:
> > >
> > > Shiran,
> > >
> > >
> > >
> > > After looking over the documentation again, you're right, it's not
> > very
> > > clear. I believe that from the IPv6 source host, you need to ping the
> > HEX
> > > version of the IPv4 address appended to the NAT-PT prefix. So in your
> > > example below, if you want to reach 10.1.45.5, you need to ping
> > > 2000::0a01:2D05. Give that a shot and let us know the results! This
> > document
> > > seems to spell things out a little better:
> > >
> > >
> > >
> > > http://tinyurl.com/ypo3kx
> > >
> > >
> > >
> > > HTH,
> > >
> > > Phillip
> > >
> > >
> > >
> > > *From:* shiran guez [mailto: shiranp3@gmail.com]
> > > *Sent:* Thursday, November 01, 2007 11:12 PM
> > > *To:* McCollum, Phillip
> > > *Cc:* ccielab@groupstudy.com
> > > *Subject:* Re: IPV6 NAT-PT
> > >
> > >
> > >
> > > what dose it mean destination
> > > address = 2000::192.168.1.1 how can you ping 2000::192.168.1.1
> > >
> > >
> > >
> > > R4#ping 2000::10.1.45.5
> > > % Unrecognized host or address, or protocol not running.
> > >
> > > interface Ethernet0/1
> > > no ip address
> > > half-duplex
> > > ipv6 address 2001:CC1E:146:146::4/64
> > > ipv6 nat
> > > ipv6 rip RIPng enable
> > > ipv6 rip RIPng default-information originate
> > > !
> > > !
> > > interface Serial1/1
> > > ip address 10.1.45.4 255.255.255.0
> > > ipv6 nat
> > > !
> > > !
> > > ipv6 nat v4v6 source 10.1.45.5 2001:CC1E:5::5
> > > ipv6 nat v6v4 source route-map PT-SOURCE pool v4pool
> > > ipv6 nat v6v4 pool v4pool 10.1.45.10 10.1.45.50 prefix-length 24
> > > ipv6 nat prefix 2000::/96 v4-mapped v4map_acl
> > > !
> > > !
> > > ipv6 prefix-list PT-LIST seq 5 permit 2001:CC1E:146:146::/64
> > > ipv6 prefix-list PT-LIST seq 10 permit 2001:150:1:6::/64
> > > route-map PT-SOURCE permit 10
> > > match ipv6 address prefix-list PT-LIST
> > > !
> > >
> > > R4 is connected via Serial to R5, R5 is pure v4 and R4 is the NAT-PT
> > >
> > > behind R4 there are R1 and R6 over a Ethernet R6 is Pure v6 and R1 is
> > dual
> > > mode but with no NAT-PT or any other connection between the protocols.
> > >
> > > I want to be able to Ping from R6 to the v4 domain and from the v4
> > Domain
> > > to ping to v6 Domain Dynamically.
> > >
> > > In my configuration I went according to the Documentation and I do not
> > > understand practically how the Dynamic works.
> > >
> > >
> > >
> > >
> > >
> > >
> > > On 11/2/07, *Phillip.McCollum@ins.com* <Phillip.McCollum@ins.com >
> > wrote:
> > >
> > > Shiran,
> > >
> > > I was pretty confused when working with this as well. Read over this
> > > line and see if it helps to sink in. Taken from
> > >
> > http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/
> > > ipv6_c/sa_natpt.htm#wp1079515:
> > >
> > > ==========
> > > Enabling Traffic to be Sent from an IPv6 Network to an IPv4 Network
> > > without Using IPv6 Dastination Address Mapping: Example
> > >
> > > In the following example, the access list permits any IPv6 source
> > > address with the prefix 2001::/96 to go to the destination with a
> > > 2000::/96 prefix. The destination is then translated to the last 32
> > bit
> > > of its IPv6 address; for example: source address = 2001::1,
> > destination
> > > address = 2000::192.168.1.1. The destination then becomes 192.168.1.1in
> > > the IPv4 network:
> > >
> > > ipv6 nat prefix 2000::/96 v4-mapped v4map_acl
> > >
> > > ipv6 access-list v4map_acl
> > > permit ipv6 2001::/96 2000::/96
> > >
> > > ==========
> > >
> > > Phillip
> > >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> > Of
> > > shiran guez
> > > Sent: Thursday, November 01, 2007 1:00 PM
> > > To: Cisco certification
> > > Subject: IPV6 NAT-PT
> > >
> > > I am going out of my mind to figure out this, it seam like this
> > > technology
> > > do not want to go trough my head.
> > > I already went trough the RFC and the Cisco DOC from univercd, but it
> > is
> > > not
> > > sinking in.
> > >
> > >
> > > I understand how the Static 1 to 1 work, but the Dynamic I do not see
> > > how
> > > can you set a range of address on one protocol and on the other
> > protocol
> > > without linking them one to one
> > >
> > > for say I have IPv6 Network on one side and IPV4 on the other side and
> > > NAT-PT between them, if i set a pool of IPv4 and a Prefix of /96 for
> > the
> > > IPv6 what address should I ping from the IPv6 to the IPv4 to reach a
> > > specific node if it is not mapped how can he know where to go?
> > >
> > > if some one have a better explanation and a working sample config I
> > > would
> > > much appreciate it as I am pooling hare as we speak.
> > >
> > >
> > > --
> > > Shiran Guez
> > > MCSE CCNP NCE1
> > > http://cciep3.blogspot.com
> > > http://www.linkedin.com/in/cciep3
> > >
> > >
> > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> > >
> > >
> > >
> > >
> > > --
> > > Shiran Guez
> > > MCSE CCNP NCE1
> > > http://cciep3.blogspot.com
> > > http://www.linkedin.com/in/cciep3
> > >
> >
> >
> >
> > --
> > Shiran Guez
> > MCSE CCNP NCE1
> > http://cciep3.blogspot.com
> > http://www.linkedin.com/in/cciep3
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
>
>
-- Shiran Guez MCSE CCNP NCE1 http://cciep3.blogspot.com http://www.linkedin.com/in/cciep3
This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:27 ART