IPv6 NPTv6 (Network Prefix Translation)

Lesson Contents

NPTv6 stands for Network Prefix Translation and like NAT it allows the translation of IPv6. The difference, however, is that NPTv6 only translates prefixes. It doesn’t translate the host address, there is no “overload” like NAT where you can have multiple source addresses behind a single address. It’s a simple 1:1 translation for prefixes.

There are plenty of global IPv6 addresses so why would you want to use NPTv6? Here are two reasons:

  • Address independence: you don’t have to change your IPv6 prefixes on your local network when your global IPv6 prefix changes. On the other hand, IPv6 renumbering is not so bad compared to IPv4.
  • ULAs (Unique Local Addresses): NPTv6 translates the prefix in your ULAs to a global prefix that is routable on the Internet.
  • Access-lists: Your host has two IPv6 addresses and only one of them is permitted through some firewall. Your host won’t know which source address is permitted through the firewall so by using NPTv6, you can translate the address to a prefix that is permitted through the firewall.


Let’s see how we configure NPTv6. I’ll use this topology:

Ipv6 Nptv6 Three Devices Topology

What do we have?

  • H1 is a host on our internal network.
  • NPTv6 is the router where we configure NPTv6.
  • H3 is some host on the Internet.

The 2001:DB8:0:2::/64 prefix on the loopback 0 interface of NPTv6 is the global prefix that we want to translate to.

I pre-configured my devices with IPv6 addresses and static routes so that we have reachability between H1 and H3.


Want to take a look for yourself? Here you will find the startup configuration of each device.


hostname H1
ipv6 unicast-routing
ipv6 cef
interface GigabitEthernet0/1
 ipv6 address 2001:DB8:0:12::1/64
ipv6 route ::/0 2001:DB8:0:12::2


hostname H3
ipv6 unicast-routing
ipv6 cef
interface GigabitEthernet0/1
 ipv6 address 2001:DB8:0:23::3/64
ipv6 route ::/0 2001:DB8:0:23::2


hostname NPTV6
ipv6 unicast-routing
interface Loopback0
 ipv6 address 2001:DB8:0:2::2/64
interface GigabitEthernet2
 ipv6 address 2001:DB8:0:12::2/64
interface GigabitEthernet3
 ipv6 address 2001:DB8:0:23::2/64

Let’s get started. We first need to define the inside and outside interfaces:

NPTV6(config)#interface GigabitEthernet 2
NPTV6(config-if)#nat66 inside

NPTV6(config)#interface GigabitEthernet 3
NPTV6(config-if)#nat66 outside

The second (and last) thing to do is to tell the router what the inside and outside prefixes are:

NPTV6(config)#nat66 prefix inside 2001:DB8:0:12::/64 outside 2001:DB8:0:2::/64

The inside prefix is the link that we use between H1 and NPTv6, the outside prefix is the one on the loopback 0 interface. That’s all we have to configure.


There are only two show commands. Here’s the first one:

NPTV6#show nat66 prefix 

Prefixes configured: 1

NAT66 Prefixes

Id: 1          Inside 2001:DB8:0:12::/64 Outside 2001:DB8:0:2::/64

This shows us the prefixes that we configured. Let’s try a quick ping from H1:

H1#ping 2001:DB8:0:23::3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:0:23::3, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/6/12 ms

The ping works but it doesn’t tell me if the prefix is translated. There’s another command for that:

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You’ve Ever Spent on Your Cisco Career!
  • Full Access to our 786 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

1608 Sign Ups in the last 30 days

100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!


Forum Replies

  1. Why did I use a loopback with a prefix instead of prefix 2001:DB8:0:23::/64 (the link between NPTv6 and H3)? I tried this the first time but it doesn’t work because H3 will do a neighbor solicitation for 2001:DB8:0:23::1/64 (the translated address). Since nobody responds to that address, the ping fails.

    I guess the question is - what if you changed the IP of H1 to 2001:DB8:0:12::2/64 (and swapped G2 to ::1)

    Then the translated address for H1 would be 2001:DB8:0:23::2/64 - so NPTV6 should respond to the neighbour solicitation :wink:

  2. Hello Chris.

    Yes that makes sense. You might want to try to lab it for confirmation and let us know of your results…


  3. I don’t understand the use of this prefix
    If the prefix is give by a ISP it do not belong to the Customer and if you are the owner of the prefix you can use BGP to still make it available
    Is there a pratical scenario where the is an advantage of using NPTv6


  4. Hello Fabrice

    IPv4 and IPv6 are similar in that they separate their respective addresses into two sections. The terminology used is somewhat different however. Where an IPv4 address is separated into the network portion and the host portion using a subnet mask, an IPv6 address is separated into a prefix and a host identifier using the prefix length.

    So for an IP address of 2001:DB8:0:12::1/64 as in the lesson, the prefix is 2001:DB8:0:12, the host identifier is ::1 and the prefix length is 64. 64 indicates what part of the address is the prefix, that is, the

    ... Continue reading in our forum

  5. Hello

    I don’t understand discussions of question “What are limitations in use of NPTv6 for IPv6 vs IPv6 address translation?”. Some people suppose that one of limitation is “1-to-1 prefix rewrite”. But other suppose that limitation is “mismatched prefix allocations”.

    It seems both versions are true. Anybody clarify me?


9 more replies! Ask a question or join the discussion by visiting our Community Forum