[c-nsp] NAT-PT

Bernhard Schmidt berni at birkenwald.de
Mon Feb 25 12:19:59 EST 2008


Bernhard Schmidt <berni at birkenwald.de> wrote:

> I'm currently trying to configure NAT-PT to allow our IPv6-only clients
> to access IPv4 hosts. We've bought a 2811 for this task (among others)
> and I tried following 

Okay, I have to test these thoroughly tomorrow, but my preliminary
findings are as follows:

a) The (unexplained) parameter v4-mapped takes an ACL which I thought to
be "has to match the client address to be NATted". It turned out this was
apparently wrong; only the CLI gave a hint:

ipv6-gw(config)#ipv6 nat prefix 2001:4ca0:0:ff03::/96 v4-mapped ?
  WORD  Access list name for local addresses

so my guess is that addresses matching the prefix and being hit by the
ACL are not NATed.


b) The overload parameter does not work; as soon as this is added I
can't get any connection through, not even the first one.


c) IPv6 and IPv4 have to be on different interfaces (dualstacked does
not work, having IPv4 and IPv6 on different interfaces connected to the
same el-cheapo Netgear switch works fine).


So this is my configuration at the moment:

---
interface FastEthernet0/0
 description IPv6 uplink
 no ip address
 ipv6 address 2001:4CA0:0:FF00::FFFF/64
 ipv6 enable
 ipv6 nat
!
interface FastEthernet0/1
 description IPv4 uplink
 ip address 129.187.18.250 255.255.255.0
 ipv6 nat
!
ipv6 nat translation timeout 300
ipv6 nat v6v4 source list LRZ pool pool-v6v4
ipv6 nat v6v4 pool pool-v6v4 129.187.18.65 129.187.18.94 prefix-length 27
ipv6 nat prefix 2001:4CA0:0:FF03::/96 v4-mapped none
!
ipv6 access-list LRZ
 sequence 20 permit ipv6 2001:4CA0::/32 any log-input
---

bschmidt at lxbsc01:~$ telnet 2001:4ca0:0:ff03::83.170.6.69 25
Trying 2001:4ca0:0:ff03::53aa:645...
Connected to 2001:4ca0:0:ff03::83.170.6.69.
Escape character is '^]'.
220 mailout.mucip.net ESMTP Postfix

Phew...

Bernhard
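
The address mapping visible in the telnet session above, as an added Python example that is not part of the original post. The prefix, ACL range and pool bounds are copied from the posted configuration; the function names and the simplified translate() decision (source must match the ACL, destination must fall inside the /96) are assumptions made for illustration.

```python
import ipaddress

# Values copied from the configuration in the post.
NATPT_PREFIX = ipaddress.ip_network("2001:4ca0:0:ff03::/96")
SOURCE_ACL = ipaddress.ip_network("2001:4ca0::/32")  # ipv6 access-list LRZ
POOL_FIRST = ipaddress.ip_address("129.187.18.65")
POOL_LAST = ipaddress.ip_address("129.187.18.94")
POOL_PREFIXLEN = 27


def embed(v4, prefix=NATPT_PREFIX):
    """IPv6 destination an IPv6-only client uses to reach IPv4 host v4."""
    if prefix.prefixlen != 96:
        raise ValueError("NAT-PT prefix must be a /96")
    low32 = int(ipaddress.IPv4Address(v4))
    return ipaddress.IPv6Address(int(prefix.network_address) | low32)


def extract(v6, prefix=NATPT_PREFIX):
    """IPv4 destination for a packet sent to v6, or None if outside the prefix."""
    addr = ipaddress.IPv6Address(v6)
    if addr not in prefix:
        return None
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


def pool_addresses():
    """Addresses in the v6v4 pool, checked against the pool's prefix-length."""
    net = ipaddress.ip_network(f"{POOL_FIRST}/{POOL_PREFIXLEN}", strict=False)
    pool = [ipaddress.IPv4Address(i)
            for i in range(int(POOL_FIRST), int(POOL_LAST) + 1)]
    reserved = (net.network_address, net.broadcast_address)
    if any(a not in net or a in reserved for a in pool):
        raise ValueError("pool range does not fit inside its prefix-length")
    return pool


def translate(src6, dst6):
    """Simplified model: (would be translated?, IPv4 destination or None)."""
    dst4 = extract(dst6)
    permitted = ipaddress.IPv6Address(src6) in SOURCE_ACL
    return (permitted and dst4 is not None, dst4)
```

embed("83.170.6.69") yields the 2001:4ca0:0:ff03::53aa:645 form that telnet printed, and pool_addresses() shows the pool holds 30 usable addresses inside 129.187.18.64/27.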


