Cisco NAT64 Static Configuration

In this lesson we’ll take a look how to configure NAT64 so that an IPv4 host can communicate with an IPv6 host. Here’s the topology I will use:

R1 R2 R3 IPv4 IPv6 addressing

On the left side we have R1 where we use IPv4, on the right side we use R3 which only uses IPv6.

R2 in the middle will be configured for static NAT64 so that these two routers can communicate with each other.

NAT64 is a bit more complicated than “regular” NAT that you know from IPv4. When we use IPv4 NAT for internet connectivity then you only need to translate the source address, with NAT64 we have to translate everything.

When we send a packet from R1 to R3, what destination address will we use? R1 only understands IPv4 and R3 only understands IPv6.

To make this work, R1 needs to think it’s talking to an IPv4 address and R3 needs to think it’s talking with an IPv6 address. We’ll need some “mapping” between addresses and protocols on our NAT64 router.

Let’s take a look how it works…

Configuration

I will configure everything from scratch, let’s start with the interfaces:

R1(config)#interface FastEthernet 0/0
R1(config-if)#ip address 192.168.12.1 255.255.255.0
R2(config)#interface FastEthernet 0/0
R2(config-if)#ip address 192.168.12.2 255.255.255.0

R2(config)#interface FastEthernet 1/0
R2(config-if)#ipv6 address 2001:DB8:2323:2323::2/64
R3(config)#interface FastEthernet 0/0
R3(config-if)#ipv6 address 2001:DB8:2323:2323::3/64

That’s all we need. R2 will require unicast routing or it won’t do any NAT64 at all:

R2(config)#ipv6 unicast-routing

R3 will require a default route to R2, you’ll see why when we configure NAT64:

R3(config)#ipv6 route ::/0 2001:DB8:2323:2323::2

Before we configure NAT64, let’s do a quick test to make sure R2 can reach both routers:

R2#ping 192.168.12.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/2 ms
R2#ping 2001:DB8:2323:2323::3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:2323:2323::3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/2 ms

So far so good, now we can enable NAT64. First we have to enable it on the interfaces:

R2(config)#interface FastEthernet 0/0
R2(config-if)#nat64 enable
R2(config)#interface FastEthernet 1/0
R2(config-if)#nat64 enable 

Once you enable this you will see a syslog message that tells us that a virtual interface has been created:

%LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to up

Now we can configure the actual translation rules. We will use a fake IPv4 address that R1 can use as its destination and a fake IPv6 address that R3 can use as its destination.

IANA has allocated prefix 64:FF9B::/96 for NAT64 translations. When R2 receives anything that starts with this prefix then it will be processed by NAT64. We can use this prefix or we can use another one, I’ll show you how to choose your own prefix:

R2(config)#nat64 prefix stateful 3001::/96

Now we can use prefix 3001::/96 for our translation.

Let’s configure the actual translation rule:

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 662 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

515 Sign Ups in the last 30 days

satisfaction-guaranteed
100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags:


Forum Replies

  1. Hi Rene, correction:

    R2(config)#interface GigabitEthernet 2

    your diagram shows FastEhternet interfaces but in the configuration you are saying GigabitEthernet.

  2. Hello Stuart

    For the most part you are correct that NAT64 has a limited usage in real world applications. However, there are cases where it is necessary. Also, it is supported by Cisco IOS-XE 15.1(3)S4 as well as Cisco ASA 9.1 and later.

    Running two protocols in parallel always requires more management overhead, and if it can be avoided at all, it is good to do so. Unfortunately, it’s not always possible.

    I hope this has been helpful!

    Laz

  3. Hello sales2161

    Well, it all depends on your point of view. :stuck_out_tongue:

    When we talk about NAT in IPv4, we traditionally talk about “real” and “fake”, public and private, routeable and non-routable addresses because we are translating for the purpose of conserving addresses. So there is a meaning to these terms. However, NAT in a more general sense is a translation from one IP address range to another, regardless of whether the addresses are private, public, routable or not. You could translate from 10.10.10.0/24 to 172.16.0.0/24 for example. In such a case, which is

    ... Continue reading in our forum

  4. Hello Laz,
    I was able to lab everything up and get this working. I tried a different fake ip address and i see the transalation taking place.

    Router#show nat64 translations
    Proto   Original IPv4           Translated IPv4
            Translated IPv6         Original IPv6
    --------------------------------------------------------
    ---     ---                     ---
            192.168.12.35           2001:DB8:2323:2323::3
    
    Total number of translations: 1
    

    But i am still not clear on what is allowing me to ping a fake ip address that is defined in the statement.

    #nat64 v6v

    ... Continue reading in our forum

  5. Hi Laz,
    Thank you for the explanation. that is really useful.

    Andy

18 more replies! Ask a question or join the discussion by visiting our Community Forum