RE: IPv6 NAT-PT - ARP issue

Tom,
Here is something I wrote up a long time ago:
------------------------------------------
Enable NAT-PT on the inside and outside interfaces:
interface XXX
 ipv6 nat

What outside IPv4 Addresses will we NAT to the Inside:
ip access-list extended ipv4outside
 permit ip any any

To what addresses will we NAT the outside to for Inside access:
- These addresses are defined within the NAT Prefix
ipv6 nat v4v6 pool v6pool 2001:DB8:4100:BB::100 2001:DB8:4100:BB::FFFF:FFFF
prefix-length 96

What inside IPv6 Addresses will we NAT to the Outside:
ipv6 access-list ipv6inside
 permit ipv6 2001:DB8:4100:1::/64 any
 permit ipv6 2001:DB8:4100:2::/64 any

To what addresses will we NAT the inside to for Outside access:
- These addresses exist on the outside interface
ipv6 nat v6v4 pool v4pool 192.168.164.129 192.168.164.254 prefix-length 24

What is the IPv6 Prefix that we need to listen on:
ipv6 nat prefix 2001:DB8:4100:BB::/96

Create a static NAT to use for DNS requests:
- 192.168.164.34 is the IPv4 DNS server on the Outside
- 2001:DB8:4100:BB::2 is what we will assign to the systems on the
inside as their DNS Server
- The DNS Server will act as the glue, the NAT-PT DNS Application
Level Gateway (ALG) will convert AAAA requests to 2001:DB:4100:BB::2 in to A
requests to 192.168.164.34
ipv6 nat v4v6 source 192.168.164.34 2001:DB8:4100:BB::2

Now we need a dynamic pool in order to convert the A request responses in to
IPv6 AAAA responses:
- So here we will create a NAT entry for the returned IPv4 A Record
into an IPv6 address from the v6pool. And the DNS ALG will return a AAAA
record containing this IPv6 address.
ipv6 nat v4v6 source list ipv4outside pool v6pool

Now we need to be able to reach the outside, so here we create an IPv6
Inside to IPv4 Outside dynamic NAT translation:
ipv6 nat v6v4 source list ipv6inside pool v4pool
------------------------------------------

--
http://dcp.dcptech.com
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Tom Kacprzynski
> Sent: Tuesday, July 13, 2010 11:29 PM
> To: Cisco certification
> Subject: IPv6 NAT-PT - ARP issue
> 
> Hello,
>  I have a simple setup where one router in the middle does IPv6 NAT-PT
> translation. Everything looks good where IPv6 is translated to IPV4
> (both
> the source and destination), the ping gets to the destination (verified
> with
> debug ip icmp) but on the way back the response gets lost.
> 
> 
> With this setup (R6 has configured NAT-PT):
> SW1 (FC00:1:0:67::7) ------------------ >  R6 -------------------> R4
> (150.1.4.4)
> 
> 
> R6 NATing
> src (FC00:1:0:67::7) -> (155.1.146.*7*),
> dst (2000::9601:404) -> (150.1.4.4)
> 
> 
> 
> the problem is that when R4 ARPs for 155.1.146.*7* it comes up
> INCOMPLETE.
> 
> 
> 
> 
> Rack1R4#sh arp | i 155.1.146
> Internet  155.1.146.1           219   001e.f725.0b60  ARPA
> GigabitEthernet0/1
> Internet  155.1.146.4             -   001e.f766.c621  ARPA
> GigabitEthernet0/1
> Internet  155.1.146.6            49   001e.f702.a7a0  ARPA
> GigabitEthernet0/1
> Internet  155.1.146.*7 *            0   Incomplete      ARPA
> 
> For reference this is the nat config on R6:
> 
> interface GigabitEthernet0/0.67
>  ipv6 nat
> interface GigabitEthernet0/0.146
>  ipv6 nat
> ipv6 nat v4v6 source 150.1.4.4 2000::9601:404
> ipv6 nat v6v4 source FC00:1:0:67::7 155.1.146.7
> ipv6 nat prefix 2000::/96
> 
> Anyone have any ideas what could be wrong?
> 
> Thank you,
> 
> Tom
> 
> 
> Blogs and organic groups at http://www.ccie.net
> 
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net