Re: IPV6 NAT-PT

From: Tarun Pahuja (pahujat@gmail.com)
Date: Thu Nov 08 2007 - 05:29:02 ART

Shiran,
             Your config looks good now, If you do not not see a ping
response it is OK, you might need to tweak configs on the end
hosts or routers. Run Debug IPV6 nat and see if you see any translations.

HTH,
Tarun

On 11/8/07, shiran guez <shiranp3@gmail.com> wrote:
>
> Hi Tarun
>
>
> first thank for the paitiants with me on this subject as I am very much
> stuggling here on how and why it do not work.
>
> NAT-PT
> !
> ipv6 unicast-routing
> !
> !
> interface FastEthernet0/0
> no ip address
> duplex auto
> speed auto
> ipv6 address 2001:CC1E:146:146::2/64
> ipv6 nat
> ipv6 rip 1 enable
> ipv6 rip 1 default-information originate
> !
> interface Serial1/0
> ip address 10.10.0.2 255.255.255.0
> encapsulation frame-relay
> ipv6 nat
> serial restart-delay 0
> frame-relay map ip 10.10.0.1 201 broadcast
> no frame-relay inverse-arp
> !
> !
> !
> ipv6 router rip 1
> !
> ipv6 nat v4v6 source 10.10.0.1 2000:CC1E:5::5 <<<<<<<< AS you suggested
> ipv6 nat v6v4 source route-map PT-SOURCE pool v4pool
> ipv6 nat v6v4 pool v4pool 10.10.0.10 10.10.0.50 prefix-length 24
> ipv6 nat prefix 2000::/96 <<<<<<<< AS you suggested
> !
> !
> ipv6 prefix-list PT-LIST seq 5 permit 2001:CC1E:146:146::/64
> ipv6 prefix-list PT-LIST seq 10 permit 2001:150:1:3::/64
> route-map PT-SOURCE permit 10
> match ipv6 address prefix-list PT-LIST
> !
> !
> R2#ping 10.10.0.1
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 10.10.0.1, timeout is 2 seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 20/72/148 ms
>
> R2#sh ipv6 nat translations
> Prot IPv4 source IPv6 source
> IPv4 destination IPv6 destination
> --- --- ---
> 10.10.0.1 2000:CC1E:5::5
>
> R2#ping 2000:CC1E:5::5 sou f0/0 r 1
> Type escape sequence to abort.
> Sending 1, 100-byte ICMP Echos to 2000:CC1E:5::5, timeout is 2 seconds:
> Packet sent with a source address of 2001:CC1E:146:146::2
> *Mar 1 00:27:39.139: IPv6: SAS picked source 2001:CC1E:146:146::2 for
> 2000:CC1E
> :5::5 (FastEthernet0/0)
> *Mar 1 00:27:39.151: IPV6: source 2001:CC1E:146:146::2 (local)
> *Mar 1 00:27:39.151: dest 2000:CC1E:5::5
> *Mar 1 00:27:39.151: traffic class 0, flow 0x0, len 100+0, prot 58,
> hops
> 64, Route not found.
> Success rate is 0 percent (0/1)
>
> as you can see the NAT-PT is not working for some reason!
>
>
>
> On Nov 7, 2007 11:04 PM, Tarun Pahuja <pahujat@gmail.com> wrote:
>
> > Shiran,
> > In your configuration the first quartet of IP Nat Prefix
> > (2000::/96) must match the first quartet of ipv6 address in "ipv6 nat v4v6"
> > statement. You have it 2001:CC1E:5::5, Change it to 2000:CC1E:5::5. Also,
> > Please remove the acl after ipv6 Nat Prefix.
> >
> > You should be fine.
> >
> > HTH,
> > Tarun
> >
> >
> > On 11/2/07, shiran guez <shiranp3@gmail.com> wrote:
> >
> > > what dose it mean destination
> > > address = 2000::192.168.1.1 how can you ping 2000:: 192.168.1.1
> > >
> > >
> > > R4#ping 2000::10.1.45.5
> > > % Unrecognized host or address, or protocol not running.
> > >
> > > interface Ethernet0/1
> > > no ip address
> > > half-duplex
> > > ipv6 address 2001:CC1E:146:146::4/64
> > > ipv6 nat
> > > ipv6 rip RIPng enable
> > > ipv6 rip RIPng default-information originate
> > > !
> > > !
> > > interface Serial1/1
> > > ip address 10.1.45.4 255.255.255.0
> > > ipv6 nat
> > > !
> > > !
> > > ipv6 nat v4v6 source 10.1.45.5 2001:CC1E:5::5
> > > ipv6 nat v6v4 source route-map PT-SOURCE pool v4pool
> > > ipv6 nat v6v4 pool v4pool 10.1.45.10 10.1.45.50 prefix-length 24
> > > ipv6 nat prefix 2000::/96 v4-mapped v4map_acl
> > > !
> > > !
> > > ipv6 prefix-list PT-LIST seq 5 permit 2001:CC1E:146:146::/64
> > > ipv6 prefix-list PT-LIST seq 10 permit 2001:150:1:6::/64
> > > route-map PT-SOURCE permit 10
> > > match ipv6 address prefix-list PT-LIST
> > > !
> > >
> > > R4 is connected via Serial to R5, R5 is pure v4 and R4 is the NAT-PT
> > >
> > > behind R4 there are R1 and R6 over a Ethernet R6 is Pure v6 and R1 is
> > > dual
> > > mode but with no NAT-PT or any other connection between the protocols.
> > >
> > >
> > > I want to be able to Ping from R6 to the v4 domain and from the v4
> > > Domain to
> > > ping to v6 Domain Dynamically.
> > >
> > > In my configuration I went according to the Documentation and I do not
> > >
> > > understand practically how the Dynamic works.
> > >
> > >
> > >
> > >
> > >
> > > On 11/2/07, Phillip.McCollum@ins.com <Phillip.McCollum@ins.com >
> > > wrote:
> > > >
> > > > Shiran,
> > > >
> > > > I was pretty confused when working with this as well. Read over this
> > > > line and see if it helps to sink in. Taken from
> > > >
> > > http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/
> > > > ipv6_c/sa_natpt.htm#wp1079515:
> > > >
> > > > ==========
> > > > Enabling Traffic to be Sent from an IPv6 Network to an IPv4 Network
> > > > without Using IPv6 Dastination Address Mapping: Example
> > > >
> > > > In the following example, the access list permits any IPv6 source
> > > > address with the prefix 2001::/96 to go to the destination with a
> > > > 2000::/96 prefix. The destination is then translated to the last 32
> > > bit
> > > > of its IPv6 address; for example: source address = 2001::1,
> > > destination
> > > > address = 2000::192.168.1.1. The destination then becomes
> > > 192.168.1.1 in
> > > > the IPv4 network:
> > > >
> > > > ipv6 nat prefix 2000::/96 v4-mapped v4map_acl
> > > >
> > > > ipv6 access-list v4map_acl
> > > > permit ipv6 2001::/96 2000::/96
> > > >
> > > > ==========
> > > >
> > > > Phillip
> > > >
> > > > -----Original Message-----
> > > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com ] On
> > > Behalf Of
> > > > shiran guez
> > > > Sent: Thursday, November 01, 2007 1:00 PM
> > > > To: Cisco certification
> > > > Subject: IPV6 NAT-PT
> > > >
> > > > I am going out of my mind to figure out this, it seam like this
> > > > technology
> > > > do not want to go trough my head.
> > > > I already went trough the RFC and the Cisco DOC from univercd, but
> > > it is
> > > > not
> > > > sinking in.
> > > >
> > > >
> > > > I understand how the Static 1 to 1 work, but the Dynamic I do not
> > > see
> > > > how
> > > > can you set a range of address on one protocol and on the other
> > > protocol
> > > > without linking them one to one
> > > >
> > > > for say I have IPv6 Network on one side and IPV4 on the other side
> > > and
> > > > NAT-PT between them, if i set a pool of IPv4 and a Prefix of /96 for
> > > the
> > > > IPv6 what address should I ping from the IPv6 to the IPv4 to reach a
> > > > specific node if it is not mapped how can he know where to go?
> > > >
> > > > if some one have a better explanation and a working sample config I
> > > > would
> > > > much appreciate it as I am pooling hare as we speak.
> > > >
> > > >
> > > > --
> > > > Shiran Guez
> > > > MCSE CCNP NCE1
> > > > http://cciep3.blogspot.com
> > > > http://www.linkedin.com/in/cciep3
> > > >
> > > >
> > > _______________________________________________________________________
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> > > >
> > >
> > >
> > >
> > > --
> > > Shiran Guez
> > > MCSE CCNP NCE1
> > > http://cciep3.blogspot.com
> > > http://www.linkedin.com/in/cciep3
> > >
> > > _______________________________________________________________________
> > >
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> > >
> >
> >
>
>
> --
> Shiran Guez
> MCSE CCNP NCE1
> http://cciep3.blogspot.com
> http://www.linkedin.com/in/cciep3

This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:28 ART