Re: IPV6 NAT-PT

From: shiran guez (shiranp3@gmail.com)
Date: Thu Nov 08 2007 - 04:40:40 ART

• Next message: Ranjith Samuel: "Metrics for Redistribution in EIGRP"
• Previous message: Brian Dennis: "Re: OT: Multicast Auto-RP"
• Maybe in reply to: shiran guez: "IPV6 NAT-PT"
• Next in thread: Tarun Pahuja: "Re: IPV6 NAT-PT"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Tarun

first thank for the paitiants with me on this subject as I am very much
stuggling here on how and why it do not work.

NAT-PT
!
ipv6 unicast-routing
!
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 ipv6 address 2001:CC1E:146:146::2/64
 ipv6 nat
 ipv6 rip 1 enable
 ipv6 rip 1 default-information originate
!
interface Serial1/0
 ip address 10.10.0.2 255.255.255.0
 encapsulation frame-relay
 ipv6 nat
 serial restart-delay 0
 frame-relay map ip 10.10.0.1 201 broadcast
 no frame-relay inverse-arp
!
!
!
ipv6 router rip 1
!
ipv6 nat v4v6 source 10.10.0.1 2000:CC1E:5::5 <<<<<<<< AS you suggested
ipv6 nat v6v4 source route-map PT-SOURCE pool v4pool
ipv6 nat v6v4 pool v4pool 10.10.0.10 10.10.0.50 prefix-length 24
ipv6 nat prefix 2000::/96 <<<<<<<< AS you suggested
!
!
ipv6 prefix-list PT-LIST seq 5 permit 2001:CC1E:146:146::/64
ipv6 prefix-list PT-LIST seq 10 permit 2001:150:1:3::/64
route-map PT-SOURCE permit 10
 match ipv6 address prefix-list PT-LIST
!
!
R2#ping 10.10.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/72/148 ms

R2#sh ipv6 nat translations
Prot IPv4 source IPv6 source
      IPv4 destination IPv6 destination
--- --- ---
      10.10.0.1 2000:CC1E:5::5

R2#ping 2000:CC1E:5::5 sou f0/0 r 1
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 2000:CC1E:5::5, timeout is 2 seconds:
Packet sent with a source address of 2001:CC1E:146:146::2
*Mar 1 00:27:39.139: IPv6: SAS picked source 2001:CC1E:146:146::2 for
2000:CC1E
:5::5 (FastEthernet0/0)
*Mar 1 00:27:39.151: IPV6: source 2001:CC1E:146:146::2 (local)
*Mar 1 00:27:39.151: dest 2000:CC1E:5::5
*Mar 1 00:27:39.151: traffic class 0, flow 0x0, len 100+0, prot 58,
hops
64, Route not found.
Success rate is 0 percent (0/1)

as you can see the NAT-PT is not working for some reason!

On Nov 7, 2007 11:04 PM, Tarun Pahuja <pahujat@gmail.com> wrote:

> Shiran,
> In your configuration the first quartet of IP Nat Prefix
> (2000::/96) must match the first quartet of ipv6 address in "ipv6 nat v4v6"
> statement. You have it 2001:CC1E:5::5, Change it to 2000:CC1E:5::5. Also,
> Please remove the acl after ipv6 Nat Prefix.
>
> You should be fine.
>
> HTH,
> Tarun
>
>
> On 11/2/07, shiran guez <shiranp3@gmail.com> wrote:
>
> > what dose it mean destination
> > address = 2000::192.168.1.1 how can you ping 2000:: 192.168.1.1
> >
> >
> > R4#ping 2000::10.1.45.5
> > % Unrecognized host or address, or protocol not running.
> >
> > interface Ethernet0/1
> > no ip address
> > half-duplex
> > ipv6 address 2001:CC1E:146:146::4/64
> > ipv6 nat
> > ipv6 rip RIPng enable
> > ipv6 rip RIPng default-information originate
> > !
> > !
> > interface Serial1/1
> > ip address 10.1.45.4 255.255.255.0
> > ipv6 nat
> > !
> > !
> > ipv6 nat v4v6 source 10.1.45.5 2001:CC1E:5::5
> > ipv6 nat v6v4 source route-map PT-SOURCE pool v4pool
> > ipv6 nat v6v4 pool v4pool 10.1.45.10 10.1.45.50 prefix-length 24
> > ipv6 nat prefix 2000::/96 v4-mapped v4map_acl
> > !
> > !
> > ipv6 prefix-list PT-LIST seq 5 permit 2001:CC1E:146:146::/64
> > ipv6 prefix-list PT-LIST seq 10 permit 2001:150:1:6::/64
> > route-map PT-SOURCE permit 10
> > match ipv6 address prefix-list PT-LIST
> > !
> >
> > R4 is connected via Serial to R5, R5 is pure v4 and R4 is the NAT-PT
> >
> > behind R4 there are R1 and R6 over a Ethernet R6 is Pure v6 and R1 is
> > dual
> > mode but with no NAT-PT or any other connection between the protocols.
> >
> > I want to be able to Ping from R6 to the v4 domain and from the v4
> > Domain to
> > ping to v6 Domain Dynamically.
> >
> > In my configuration I went according to the Documentation and I do not
> > understand practically how the Dynamic works.
> >
> >
> >
> >
> >
> > On 11/2/07, Phillip.McCollum@ins.com <Phillip.McCollum@ins.com > wrote:
> > >
> > > Shiran,
> > >
> > > I was pretty confused when working with this as well. Read over this
> > > line and see if it helps to sink in. Taken from
> > >
> > http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/
> > > ipv6_c/sa_natpt.htm#wp1079515:
> > >
> > > ==========
> > > Enabling Traffic to be Sent from an IPv6 Network to an IPv4 Network
> > > without Using IPv6 Dastination Address Mapping: Example
> > >
> > > In the following example, the access list permits any IPv6 source
> > > address with the prefix 2001::/96 to go to the destination with a
> > > 2000::/96 prefix. The destination is then translated to the last 32
> > bit
> > > of its IPv6 address; for example: source address = 2001::1,
> > destination
> > > address = 2000::192.168.1.1. The destination then becomes 192.168.1.1in
> > > the IPv4 network:
> > >
> > > ipv6 nat prefix 2000::/96 v4-mapped v4map_acl
> > >
> > > ipv6 access-list v4map_acl
> > > permit ipv6 2001::/96 2000::/96
> > >
> > > ==========
> > >
> > > Phillip
> > >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> > Of
> > > shiran guez
> > > Sent: Thursday, November 01, 2007 1:00 PM
> > > To: Cisco certification
> > > Subject: IPV6 NAT-PT
> > >
> > > I am going out of my mind to figure out this, it seam like this
> > > technology
> > > do not want to go trough my head.
> > > I already went trough the RFC and the Cisco DOC from univercd, but it
> > is
> > > not
> > > sinking in.
> > >
> > >
> > > I understand how the Static 1 to 1 work, but the Dynamic I do not see
> > > how
> > > can you set a range of address on one protocol and on the other
> > protocol
> > > without linking them one to one
> > >
> > > for say I have IPv6 Network on one side and IPV4 on the other side and
> > > NAT-PT between them, if i set a pool of IPv4 and a Prefix of /96 for
> > the
> > > IPv6 what address should I ping from the IPv6 to the IPv4 to reach a
> > > specific node if it is not mapped how can he know where to go?
> > >
> > > if some one have a better explanation and a working sample config I
> > > would
> > > much appreciate it as I am pooling hare as we speak.
> > >
> > >
> > > --
> > > Shiran Guez
> > > MCSE CCNP NCE1
> > > http://cciep3.blogspot.com
> > > http://www.linkedin.com/in/cciep3
> > >
> > >
> > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> > >
> >
> >
> >
> > --
> > Shiran Guez
> > MCSE CCNP NCE1
> > http://cciep3.blogspot.com
> > http://www.linkedin.com/in/cciep3
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
>
>

-- 
Shiran Guez
MCSE CCNP NCE1
http://cciep3.blogspot.com
http://www.linkedin.com/in/cciep3

• Next message: Ranjith Samuel: "Metrics for Redistribution in EIGRP"
• Previous message: Brian Dennis: "Re: OT: Multicast Auto-RP"
• Maybe in reply to: shiran guez: "IPV6 NAT-PT"
• Next in thread: Tarun Pahuja: "Re: IPV6 NAT-PT"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:28 ART