RE: IPV6 NAT-PT

From: Phillip.McCollum@ins.com
Date: Sun Nov 04 2007 - 03:23:35 ART


Shiran,

Do you have the v4map_acl configured? I didn't see it on your email. If
not, the dynamic translation won't happen because the ip nat prefix
v4-mapped won't match anything.

Phillip

-----Original Message-----
From: Tarun Pahuja [mailto:pahujat@gmail.com]
Sent: Saturday, November 03, 2007 3:02 PM
To: Chris Riling
Cc: shiran guez; McCollum, Phillip; ccielab@groupstudy.com
Subject: Re: IPV6 NAT-PT

Shiran,
I see a couple of typos in your config (Hint!). Please look
at the following URL and hopefully you will be able to find out for
yourself what the problem was ;-)

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/ipv6_c/sa_natpt.htm#wp1057653

HTH,
Tarun

On 11/3/07, Chris Riling <criling@gmail.com> wrote:
> Yes, I realize it's translating between different protocols, hence the name
> NAT- Protocol Translation... As I said, I didn't have an extensive amount of
> lab experience with it, and didn't offer my explanation as an "end all fix
> all" explanation, just my point of view...
>
> On 11/3/07, shiran guez <shiranp3@gmail.com> wrote:
> >
> > Chris, for your benefit I suggest you try to test it on a live router or
> > Dynamips and after a few hours I guess you will come back here and ask what we
> > asked here.
> >
> > NAT-PT is not like NAT, as NAT is translating one IP to another IP; NAT-PT
> > is a protocol translator, the router needs to translate each packet from one
> > protocol to another.
> >
> > Read RFC 2766; you will see all the complexity behind it.
> >
> >
> >
> >
> > On 11/3/07, Chris Riling <criling@gmail.com> wrote:
> > >
> > > I don't really have a lot of experience with NAT-PT per se, so I'm not
> > > claiming any bit of correctness here, but I've read the article in the v6
> > > section of the DocCD and I've done a little bit of research, and this is how
> > > I basically understand it in my screwed up little head:
> > >
> > > It's basically configured the same as IPv4 NAT, just slightly different
> > > commands to enable NAT under the interfaces themselves - "ipv6 nat", but the
> > > general process is the same. You're just rewriting packets as you
> > > forward between stacks instead of public / private v4 space in the same
> > > stack. (in most scenarios, like we're used to).
> > >
> > > I think you guys are getting somewhat confused in the fact that you guys
> > > are also talking about IPv4 compatible v6 addresses, which incorporate the
> > > hex equivalent of a v4 address in the low order bits of a v6 address - this,
> > > as I understand it, is not necessary when dealing with NAT-PT, only
> > > in tunneling scenarios... You can play with this at a site like
> > > www.ip-lookup.net and compare it while you play with Windows calculator
> > > and do the dec --> hex conversion, until you get a feel for how that
> > > works...
> > >
> > > I'm probably wrong, but I thought I'd take a crack at it :)
> > >
> > > Thanks,
> > >
> > > Chris
> > >
> > >
> > > On 11/2/07, shiran guez <shiranp3@gmail.com > wrote:
> > > >
> > > > Tried already to ping the hex, the bin, the dec and every other format I
> > > > can think of, things are not clear here both logically and not
> > > > technically.
> > > >
> > > > I hope to find some more answers about this soon that will clear
> > > > the air, as there is nothing more annoying than to read and test something and not
> > > > understand how and why it does not work.
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > On 11/2/07, Phillip.McCollum@ins.com <Phillip.McCollum@ins.com> wrote:
> > > > >
> > > > > Shiran,
> > > > >
> > > > > After looking over the documentation again, you're right, it's not very
> > > > > clear. I believe that from the IPv6 source host, you need to ping the HEX
> > > > > version of the IPv4 address appended to the NAT-PT prefix. So in your
> > > > > example below, if you want to reach 10.1.45.5, you need to ping
> > > > > 2000::0a01:2D05. Give that a shot and let us know the results! This document
> > > > > seems to spell things out a little better:
> > > > >
> > > > >
> > > > >
> > > > > http://tinyurl.com/ypo3kx
> > > > >
> > > > >
> > > > >
> > > > > HTH,
> > > > >
> > > > > Phillip
> > > > >
> > > > >
> > > > >
> > > > > *From:* shiran guez [mailto: shiranp3@gmail.com]
> > > > > *Sent:* Thursday, November 01, 2007 11:12 PM
> > > > > *To:* McCollum, Phillip
> > > > > *Cc:* ccielab@groupstudy.com
> > > > > *Subject:* Re: IPV6 NAT-PT
> > > > >
> > > > >
> > > > >
> > > > > what does it mean, destination
> > > > > address = 2000:: 192.168.1.1? How can you ping 2000::192.168.1.1
> > > > >
> > > > >
> > > > >
> > > > > R4#ping 2000:: 10.1.45.5
> > > > > % Unrecognized host or address, or protocol not running.
> > > > >
> > > > > interface Ethernet0/1
> > > > > no ip address
> > > > > half-duplex
> > > > > ipv6 address 2001:CC1E:146:146::4/64
> > > > > ipv6 nat
> > > > > ipv6 rip RIPng enable
> > > > > ipv6 rip RIPng default-information originate
> > > > > !
> > > > > !
> > > > > interface Serial1/1
> > > > > ip address 10.1.45.4 255.255.255.0
> > > > > ipv6 nat
> > > > > !
> > > > > !
> > > > > ipv6 nat v4v6 source 10.1.45.5 2001:CC1E:5::5
> > > > > ipv6 nat v6v4 source route-map PT-SOURCE pool v4pool
> > > > > ipv6 nat v6v4 pool v4pool 10.1.45.10 10.1.45.50 prefix-length 24
> > > > > ipv6 nat prefix 2000::/96 v4-mapped v4map_acl
> > > > > !
> > > > > !
> > > > > ipv6 prefix-list PT-LIST seq 5 permit 2001:CC1E:146:146::/64
> > > > > ipv6 prefix-list PT-LIST seq 10 permit 2001:150:1:6::/64
> > > > > route-map PT-SOURCE permit 10
> > > > > match ipv6 address prefix-list PT-LIST
> > > > > !
> > > > >
> > > > > R4 is connected via Serial to R5, R5 is pure v4 and R4 is the NAT-PT
> > > > >
> > > > > behind R4 there are R1 and R6 over an Ethernet. R6 is pure v6 and R1 is dual
> > > > > mode but with no NAT-PT or any other connection between the protocols.
> > > > >
> > > > > I want to be able to ping from R6 to the v4 domain and from the v4 domain
> > > > > to ping to the v6 domain dynamically.
> > > > >
> > > > > In my configuration I went according to the documentation and I do not
> > > > > understand practically how the dynamic works.
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > On 11/2/07, *Phillip.McCollum@ins.com* <Phillip.McCollum@ins.com> wrote:
> > > > >
> > > > > Shiran,
> > > > >
> > > > > I was pretty confused when working with this as well. Read over this
> > > > > line and see if it helps to sink in. Taken from
> > > > > http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/ipv6_c/sa_natpt.htm#wp1079515:
> > > > >
> > > > > ==========
> > > > > Enabling Traffic to be Sent from an IPv6 Network to an IPv4 Network
> > > > > without Using IPv6 Destination Address Mapping: Example
> > > > >
> > > > > In the following example, the access list permits any IPv6 source
> > > > > address with the prefix 2001::/96 to go to the destination with a
> > > > > 2000::/96 prefix. The destination is then translated to the last 32 bit
> > > > > of its IPv6 address; for example: source address = 2001::1, destination
> > > > > address = 2000:: 192.168.1.1. The destination then becomes 192.168.1.1 in
> > > > > the IPv4 network:
> > > > >
> > > > > ipv6 nat prefix 2000::/96 v4-mapped v4map_acl
> > > > >
> > > > > ipv6 access-list v4map_acl
> > > > > permit ipv6 2001::/96 2000::/96
> > > > >
> > > > > ==========
> > > > >
> > > > > Phillip
> > > > >
> > > > > -----Original Message-----
> > > > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > > > > shiran guez
> > > > > Sent: Thursday, November 01, 2007 1:00 PM
> > > > > To: Cisco certification
> > > > > Subject: IPV6 NAT-PT
> > > > >
> > > > > I am going out of my mind to figure out this, it seems like this
> > > > > technology does not want to go through my head.
> > > > > I already went through the RFC and the Cisco DOC from univercd, but it is
> > > > > not sinking in.
> > > > >
> > > > >
> > > > > I understand how the Static 1 to 1 works, but the Dynamic I do not see
> > > > > how can you set a range of addresses on one protocol and on the other
> > > > > protocol without linking them one to one
> > > > >
> > > > > for say I have IPv6 Network on one side and IPV4 on the other side and
> > > > > NAT-PT between them, if I set a pool of IPv4 and a Prefix of /96 for the
> > > > > IPv6 what address should I ping from the IPv6 to the IPv4 to reach a
> > > > > specific node if it is not mapped how can he know where to go?
> > > > >
> > > > > if someone has a better explanation and a working sample config I
> > > > > would much appreciate it as I am pulling hair as we speak.
> > > > >
> > > > >
> > > > > --
> > > > > Shiran Guez
> > > > > MCSE CCNP NCE1
> > > > > http://cciep3.blogspot.com
> > > > > http://www.linkedin.com/in/cciep3
> > > > >
> > > > >
> > > >



This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:28 ART