RE: IPV6 NAT-PT

From: Phillip.McCollum@ins.com
Date: Thu Nov 08 2007 - 12:34:51 ART


How will the router know where to send the packet if you don't have
2000:CC1E:5::x configured in your 'ipv6 nat prefix' command?

Phillip

From: Tarun Pahuja [mailto:pahujat@gmail.com]
Sent: Thursday, November 08, 2007 12:29 AM
To: shiran guez
Cc: McCollum, Phillip; ccielab@groupstudy.com
Subject: Re: IPV6 NAT-PT

Shiran,

Your config looks good now. If you do not see a ping response it is OK;
you might need to tweak configs on the end hosts or routers. Run Debug
IPV6 nat and see if you see any translations.

HTH,

Tarun

On 11/8/07, shiran guez <shiranp3@gmail.com> wrote:

Hi Tarun

First, thanks for your patience with me on this subject, as I am very
much struggling here with how and why it does not work.

NAT-PT

!
ipv6 unicast-routing
!
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 ipv6 address 2001:CC1E:146:146::2/64
 ipv6 nat
 ipv6 rip 1 enable
 ipv6 rip 1 default-information originate
!
interface Serial1/0
 ip address 10.10.0.2 255.255.255.0
 encapsulation frame-relay
 ipv6 nat
 serial restart-delay 0
 frame-relay map ip 10.10.0.1 201 broadcast
 no frame-relay inverse-arp
!
!
!
ipv6 router rip 1
!
ipv6 nat v4v6 source 10.10.0.1 2000:CC1E:5::5 <<<<<<<< AS you suggested
ipv6 nat v6v4 source route-map PT-SOURCE pool v4pool
ipv6 nat v6v4 pool v4pool 10.10.0.10 10.10.0.50 prefix-length 24
ipv6 nat prefix 2000::/96 <<<<<<<< AS you suggested
!
!
ipv6 prefix-list PT-LIST seq 5 permit 2001:CC1E:146:146::/64
ipv6 prefix-list PT-LIST seq 10 permit 2001:150:1:3::/64
route-map PT-SOURCE permit 10
 match ipv6 address prefix-list PT-LIST
!
!

R2#ping 10.10.0.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/72/148 ms

R2#sh ipv6 nat translations
Prot  IPv4 source              IPv6 source
      IPv4 destination         IPv6 destination
---   ---                      ---
      10.10.0.1                2000:CC1E:5::5

R2#ping 2000:CC1E:5::5 sou f0/0 r 1

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 2000:CC1E:5::5, timeout is 2 seconds:
Packet sent with a source address of 2001:CC1E:146:146::2

*Mar 1 00:27:39.139: IPv6: SAS picked source 2001:CC1E:146:146::2 for 2000:CC1E:5::5 (FastEthernet0/0)
*Mar 1 00:27:39.151: IPV6: source 2001:CC1E:146:146::2 (local)
*Mar 1 00:27:39.151: dest 2000:CC1E:5::5
*Mar 1 00:27:39.151: traffic class 0, flow 0x0, len 100+0, prot 58, hops 64, Route not found.
Success rate is 0 percent (0/1)

As you can see, the NAT-PT is not working for some reason!

On Nov 7, 2007 11:04 PM, Tarun Pahuja <pahujat@gmail.com> wrote:

Shiran,

In your configuration, the first quartet of the IP Nat Prefix
(2000::/96) must match the first quartet of the ipv6 address in the
"ipv6 nat v4v6" statement. You have it as 2001:CC1E:5::5; change it to
2000:CC1E:5::5. Also, please remove the acl after ipv6 Nat Prefix.

You should be fine.

HTH,

Tarun

On 11/2/07, shiran guez <shiranp3@gmail.com> wrote:

        What does it mean, destination address = 2000:: 192.168.1.1? How
        can you ping 2000:: 192.168.1.1?

        R4#ping 2000:: 10.1.45.5
        % Unrecognized host or address, or protocol not running.

        interface Ethernet0/1
        no ip address
        half-duplex
        ipv6 address 2001:CC1E:146:146::4/64
        ipv6 nat
        ipv6 rip RIPng enable
        ipv6 rip RIPng default-information originate
        !
        !
        interface Serial1/1
        ip address 10.1.45.4 255.255.255.0
        ipv6 nat
        !
        !
        ipv6 nat v4v6 source 10.1.45.5 2001:CC1E:5::5
        ipv6 nat v6v4 source route-map PT-SOURCE pool v4pool
        ipv6 nat v6v4 pool v4pool 10.1.45.10 10.1.45.50 prefix-length 24
        ipv6 nat prefix 2000::/96 v4-mapped v4map_acl
        !
        !
        ipv6 prefix-list PT-LIST seq 5 permit 2001:CC1E:146:146::/64
        ipv6 prefix-list PT-LIST seq 10 permit 2001:150:1:6::/64
        route-map PT-SOURCE permit 10
        match ipv6 address prefix-list PT-LIST
        !

        R4 is connected via Serial to R5; R5 is pure v4 and R4 is the
        NAT-PT.

        Behind R4 there are R1 and R6 over an Ethernet. R6 is pure v6 and
        R1 is dual mode, but with no NAT-PT or any other connection
        between the protocols.

        I want to be able to ping from R6 to the v4 domain, and from the
        v4 domain to ping the v6 domain, dynamically.

        In my configuration I went according to the documentation, and I
        do not understand practically how the dynamic works.

        On 11/2/07, Phillip.McCollum@ins.com <Phillip.McCollum@ins.com> wrote:
>
> Shiran,
>
> I was pretty confused when working with this as well. Read over this
> line and see if it helps to sink in. Taken from
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/ipv6_c/sa_natpt.htm#wp1079515:
>
> ==========
> Enabling Traffic to be Sent from an IPv6 Network to an IPv4 Network
> without Using IPv6 Destination Address Mapping: Example
>
> In the following example, the access list permits any IPv6 source
> address with the prefix 2001::/96 to go to the destination with a
> 2000::/96 prefix. The destination is then translated to the last 32 bit
> of its IPv6 address; for example: source address = 2001::1, destination
> address = 2000::192.168.1.1. The destination then becomes 192.168.1.1 in
> the IPv4 network:
>
> ipv6 nat prefix 2000::/96 v4-mapped v4map_acl
>
> ipv6 access-list v4map_acl
> permit ipv6 2001::/96 2000::/96
>
> ==========
>
> Phillip
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> shiran guez
> Sent: Thursday, November 01, 2007 1:00 PM
> To: Cisco certification
> Subject: IPV6 NAT-PT
>
> I am going out of my mind to figure out this, it seems like this
> technology does not want to go through my head.
> I already went through the RFC and the Cisco DOC from univercd, but it
> is not sinking in.
>
>
> I understand how the Static 1 to 1 works, but with the Dynamic I do not
> see how you can set a range of addresses on one protocol and on the
> other protocol without linking them one to one.
>
> Say I have an IPv6 network on one side and IPv4 on the other side and
> NAT-PT between them. If I set a pool of IPv4 and a prefix of /96 for
> the IPv6, what address should I ping from the IPv6 to the IPv4 to reach
> a specific node? If it is not mapped, how can it know where to go?
>
> If someone has a better explanation and a working sample config I would
> much appreciate it, as I am pulling hair as we speak.
>
>
> --
> Shiran Guez
> MCSE CCNP NCE1
> http://cciep3.blogspot.com
> http://www.linkedin.com/in/cciep3
>
>
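
Added example (not part of the original thread): the v4-mapped rule quoted from the Cisco documentation, and the prefix-coverage question Phillip raises, worked through with Python's ipaddress module. The function names are illustrative; the prefix and addresses are the ones posted in the thread.

```python
import ipaddress

# Prefix and addresses below are the ones quoted in the thread.
NAT_PREFIX = ipaddress.IPv6Network("2000::/96")


def embed_v4(prefix, ipv4):
    """IPv6 destination a v6 host would use to reach `ipv4` through a
    v4-mapped /96 NAT-PT prefix: prefix bits + IPv4 in the low 32 bits."""
    if prefix.prefixlen != 96:
        raise ValueError("v4-mapped NAT-PT prefix must be a /96")
    return ipaddress.IPv6Address(
        int(prefix.network_address) | int(ipaddress.IPv4Address(ipv4)))


def extract_v4(prefix, ipv6):
    """IPv4 address carried in the last 32 bits, or None when the
    destination is not covered by the NAT-PT prefix at all."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in prefix:
        return None
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


def report(prefix, candidates):
    """Rows of (destination, covered by prefix?, embedded IPv4 or None)."""
    rows = []
    for text in candidates:
        addr = ipaddress.IPv6Address(text)
        rows.append((str(addr), addr in prefix, extract_v4(prefix, addr)))
    return rows


if __name__ == "__main__":
    # Hex form of 2000::10.10.0.1
    print(embed_v4(NAT_PREFIX, "10.10.0.1"))
    for row in report(NAT_PREFIX, [
            "2000::192.168.1.1",   # example from the Cisco documentation
            "2000::10.1.45.5",     # dotted form written without a space
            "2000:CC1E:5::5"]):    # address used in the static v4v6 mapping
        print(row)
```

The last row shows that 2000:CC1E:5::5 is not inside 2000::/96, because a /96 fixes every bit except the final 32.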



This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:28 ART