Translating Amid IPv6 and IPv4
Problem
You appetite to configure a router to act as a aperture amid IPv4 and IPv6 networks.
Solution
Cisco includes a agreement adaptation affection that allows you to interconnect IPv6 and IPv4 networks:
Router1#configure terminal
Enter agreement commands, one per line. End with CNTL/Z.
Router1(config)#ipv6 access-list ALLOWED-NAT-DEVS
Router1(config-ipv6-acl)# admittance ipv6 any any
Router1(config-ipv6-acl)#exit
Router1(config)#ipv6 nat prefix ::FFFF:0.0.0.0/96 v4-mapped ALLOWED-NAT-DEVS
Router1(config)#ipv6 nat v6v4 antecedent AAAA:5::AA9 192.168.56.100
Router1(config)#interface FastEthernet0/0
Router1(config-if)#no ip address
Router1(config-if)#ipv6 abode AAAA:5::2012/64
Router1(config-if)#ipv6 nat
Router1(config-if)#exit
Router1(config)#interface Serial0/0
Router1(config-if)#ip abode 192.168.55.12 255.255.255.0
Router1(config-if)#ipv6 nat
Router1(config-if)#exit
Router1(config)#end
Router1#
Discussion
Starting in IOS Version 12.2(13)T, Cisco alien the adeptness to use a router as a agreement gateway, advice amid IPv6 and IPv4 worlds by agency of Arrangement Abode Adaptation with Agreement Adaptation (NAT-PT). For added advice on NAT in general, amuse accredit to Chapter 21.
RFCs 4038 and 4291 accommodate discussions of how to abode IPv4 packets that arise in an IPv6 network. The accepted accepted adjustment is alleged the "IPv4-Mapped IPv6 Address," which works actual simply. If an IPv6 accessory wants to accelerate a packet to an IPv4 accessory whose abode is A.B.C.D, afresh it uses the IPv6 destination address, ::FFFF:A.B.C.D. We accept acclimated this accepted in this recipe:
Router1(config)#ipv6 access-list ALLOWED-NAT-DEVS
Router1(config-ipv6-acl)#permit ipv6 any any
Router1(config-ipv6-acl)#exit
Router1(config)#ipv6 nat prefix ::FFFF:0.0.0.0/96 v4-mapped ALLOWED-NAT-DEVS
The ipv6 nat prefix command actuality defines the IPv6 prefix that will be acclimated back advice IPv4 addresses. By including the keyword v4-mapped, we acquaint the router to artlessly archetype the 4 octets of the IPv4 abode into the aftermost 32 $.25 of the translated IPv6 address. The v4-mapped keyword was alien in IOS Version 12.3(14)T to affluence acquiescence with RFC 4038.
We accept additionally authentic an IPv6 access-list with this command that specifies that all IPv6 accessories are accustomed to use this rule. If you would adopt to use a added akin ACL here, you can calmly do so. For example, we ability accept capital to specify a distinct host:
Router1(config)#ipv6 access-list ALLOWED-NAT-DEVS
Router1(config-ipv6-acl)#permit ipv6 host AAAA:5::AA9 any
Or we ability accept capital to specify a ambit of accustomed devices:
Router1(config)#ipv6 access-list ALLOWED-NAT-DEVS
Router1(config-ipv6-acl)#permit ipv6 AAAA:5::/64 any
For added advice on IPv6 access-lists and access-lists in general, amuse accredit to Chapter 19.
The abutting NAT-PT command configures a changeless adaptation amid an IPv6 accessory and the IPv4 abode that refers to this accessory in the IPv4 network. Unfortunately, there is no way to abnormally encode a 128-bit IPv6 abode in a 32-bit IPv4 address, so if we appetite abounding two-way connectivity amid these networks, we charge use a changeless rule. This is authentic application the ipv6 nat v6v4 antecedent command:
Router1(config)#ipv6 nat v6v4 antecedent AAAA:5::AA9 192.168.56.100
In this case, we accept absitively to accessory the IPv6 all-around unicast address, AAAA:5::AA9, with the IPv4 address, 192.168.56.100. Now all admission IPv4 packets addressed to 192.168.56.100 will be translated into IPv6 packets and forwarded to AAAA:5::AA9. Similarly, all approachable IPv6 packets with this IPv6 antecedent abode will be translated into IPv4 packets with the authentic IPv4 antecedent address.
The final footfall is to accessory this NAT-PT aphorism with router interfaces:
Router1(config)#interface FastEthernet0/0
Router1(config-if)#no ip address
Router1(config-if)#ipv6 abode AAAA:5::2012/64
Router1(config-if)#ipv6 nat
Router1(config-if)#exit
Router1(config)#interface Serial0/0
Router1(config-if)#ip abode 192.168.55.12 255.255.255.0
Router1(config-if)#ipv6 nat
Router1(config-if)#exit
In this example, FastEthernet0/0 connects to the IPv6 network, while Serial0/0 connects to the IPv4 network. Both of these interfaces are associated with the NAT-PT aphorism application the ipv6 nat command. Note that there is no "inside" or "outside" NAT interface actuality as we saw back we looked at NAT for IPv4 in Chapter 21.
You can afresh attending at the NAT-PT adaptation table with the command appearance ipv6 nat translations:
Router1#show ipv6 nat translations
Prot IPv4 antecedent IPv6 source
IPv4 destination IPv6 destination
--- --- ---
192.168.55.3 ::FFFF:192.168.55.3
tcp 192.168.56.100,80 AAAA:5::AA9,80
192.168.55.3,15609 ::FFFF:192.168.55.3,15609
tcp 192.168.56.100,60215 AAAA:5::AA9,60215
192.168.55.3,23 ::FFFF:192.168.55.3,23
--- 192.168.56.100 AAAA:5::AA9
192.168.55.3 ::FFFF:192.168.55.3
--- 192.168.56.100 AAAA:5::AA9
--- ---
Router1#
This achievement shows several mappings amid the aforementioned addresses. Focusing on the two TCP connections, we see that the alien device, 192.168.55.3, fabricated a affiliation to TCP anchorage 80 (HTTP) on destination accessory 192.168.56.100, and with an TCP approximate antecedent anchorage of 15609. This was translated to an IPv6 destination abode of AAAA:5::AA9 on TCP anchorage 80, and a antecedent abode of ::FFFF:192.168.55.3, with a TCP antecedent anchorage of 15609 already again.
The additional TCP affiliation started on the IPv6 side. The IPv6 accessory AAAA:5::AA9 fabricated a TCP affiliation on anchorage 23 (Telnet) to the IPv6 destination address, ::FFFF:192.168.55.3, application the approximate TCP antecedent anchorage of 60215. NAT-PT rewrote this IPv6 packet as an IPv4 packet with a antecedent abode of 192.168.56.100 and antecedent anchorage of 60215 with a destination abode of 192.168.55.3 on anchorage 23.
In this example, we capital abounding two-way connectivity, so we were affected to use a changeless mapping for the IPv6 ancillary of the network. However, if we apperceive that all access will arise from the IPv6 network, afresh we can use Anchorage Abode Adaptation (PAT), and map all centralized IPv6 addresses to a distinct alien IPv4 address, such as the IP abode on the IPv4 ancillary of the router:
Router1(config)#ipv6 nat v6v4 antecedent account ALLOWED-NAT-DEVS interface Serial0/0 overload
The afflict keyword in this command works absolutely the aforementioned way as in NAT for IPv4, allotment assorted centralized addresses to a distinct alien address.
See Also