July | 2009 | CCIE, the beginning!

Ipv6 NAT-PT Transition

July 27, 2009 30 Comments

NAT-PT method allows IPv6-ONLY nodes to communicate with IPv4-ONLY nodes or vice versa, a sort of gateway for IPv4/IPv6 networks, so dual stack is needed ONLY on the NAT-PT device.

This Transition method could be useful when IPv6 is be the predominant connectivity type with a need to connect to specific IPv4 nodes, in their way to die out. Although this method is deprecated, it could be an excelent introduction to understand NAT64/DNS64.

Depending on your needs you can use NAT-PT in four different ways (similar to NAT for IPv4):

Static NAT-PT.
Dynamic NAT-PT.
PAT overload.
IPv4-mapped.

Also an example of NAT-PT with ALG (Application Layer Gateway) is provided.

In this lab, IPv6 site is communicating with specific IPv4 nodes from IPv4 site (except for IPv4-mapped NAT-prefix)

Figure 1 illustratesthe Lab topology used to test each of the previously mentioned NAT-PT methods.

Figure 1 Topology:

Let’s suppose you have an internal IPv6-only network, and you want to communicate with the outside world (IPv4-ONLY). All hosts will see the outside world as IPv6; also the outside world will see your addresses as IPv4 and will have no idea about what is happening inside your network. (figure 2,3)

Both networks route their traffic to the Border router (NAT gateway) supporting dual-stack, where translation from IPv6 to IPv4 and IPv4 to IPv6 is be performed.

Figure 2: The network as seen from IPv4 side.

Figure 3: The network as seen from IPv6 side

The key concept in Translation is how the IPv6 site will see IPv4 nodes, and how IPv4 site will see IPv6 nodes (figure2 & 3)

STATIC NAT-PT

Table 1 :v6v4 Address translation

*v6v4*	*IPv6 network* IPv6	*IPv6 nodes as seen by IPv4 network*	IPv4
	2001:a:b:c::1/64	====> will be seen as	192.168.40.1
	2001:a:b:c::2/64	====> will be seen as	192.168.40.2
	2001:a:b:c::3/64	====> will be seen as	192.168.40.3

Any traffic originated from 2001:a:b:c::
will trigger v6v4 operations. (figure4)

The prefix 2001:a:b:c:: represents IPv6 address scheme inside IPv6 site.

Table 2 :v4v6 Address translation

v4v6

IPv4 node

IPv4 nodes as seen by IPv6 network

IPv6 network

IPv6

192.168.40.200

====> will be seen as

2001::c0a8:28c8/96

c0a8:28c8 Is the representation of IPv4 address in Hexadecimal.

The prefix 2001::/96

is called NAT-PT prefix and represents IPv6 address prefix reserved for IPv4 nodes from the IPv4 site as seen from the IPv6 site, it could be part of the IPv6 site address scheme or a different prefix allocated from the ISP for the subject in matter.

Any IPv4 node will be represented inside IPv6 site as <NAT-PT-prefix>::<IPv4-in-hex>

So any traffic destined to an IPv6 address with <NAT-PT-prefix> will trigger v4v6 operations. (figure4)

As mentioned earlier, IPv6 site is communicating with specific IPv4 nodes from IPv4 site (except for IPv4-mapped NAT-prefix).

Figure 4: v6v4 & v4v6 operations

Static NAT-PT:

!! This is the IPv6 side interface
interface FastEthernet0/0

no ip address

ipv6 address 2001:A:B:C::4/64

!! Enable IPv6 NAT

ipv6 nat

!

!! This is the IPv4 side interface

interface FastEthernet1/0

ip address 192.168.40.199 255.255.255.0

!! Enable IPv6 NAT

ipv6 nat

!

!

!! any IPv6 packet with destination 2001::c0a8:28c8 will be translated to an IPv4 destination !!192.168.40.200

ipv6 nat v4v6 source 192.168.40.200 2001::C0A8:28C8

!! any IPv6 packet with IPv6 source address 2001:a:b:c:X with X=1,2,3 will be translated to an IPv4 source address 192.168.40.X with X=1,2,3 respectively.

ipv6 nat v6v4 source 2001:A:B:C::1 192.168.40.1

ipv6 nat v6v4 source 2001:A:B:C::2 192.168.40.2

ipv6 nat v6v4 source 2001:A:B:C::3 192.168.40.3

!! Enable IPv6 unicast routing

ipv6 unicast-routing

!
!! IPv6 prefix 2001::/96 is allocated to represent IPv4 addresses in IPv6 format and will be inspected by NAT-PT otherwise dropped

ipv6 nat prefix 2001::/96

connectivity check:

Routerv6_1#ping 2001::C0A8:28C8 repeat 3
Type escape sequence to abort.

Sending 3, 100-byte ICMP Echos to 2001::C0A8:28C8, timeout is 2 seconds:

!!!

Success rate is 100 percent (3/3), round-trip min/avg/max = 72/80/88 ms

Routerv6_1#

Routerv6_2#ping 2001::C0A8:28C8 repeat 3

Type escape sequence to abort.

Sending 3, 100-byte ICMP Echos to 2001::C0A8:28C8, timeout is 2 seconds:

!!!

Success rate is 100 percent (3/3), round-trip min/avg/max = 60/125/164 ms

Routerv6_2#

Routerv6_3#ping 2001::C0A8:28C8 repeat 3

Type escape sequence to abort.

Sending 3, 100-byte ICMP Echos to 2001::C0A8:28C8, timeout is 2 seconds:

!!!

Success rate is 100 percent (3/3), round-trip min/avg/max = 88/134/208 ms

Routerv6_3#

Each traffic from each IPv6 host is translated according to the configured static NAT-PT

NAT-PT#
*Mar 1 04:18:57.446: IPv6 NAT: icmp src (2001:A:B:C::1) -> (192.168.40.1), dst (2001::C0A8:28C8) -> (192.168.40.200)

*Mar 1 04:18:57.502: IPv6 NAT: src (192.168.40.200) -> (2001::C0A8:28C8), dst (192.168.40.1) -> (2001:A:B:C::1)

*Mar 1 04:18:57.554: IPv6 NAT: icmp src (2001:A:B:C::1) -> (192.168.40.1), dst (2001::C0A8:28C8) -> (192.168.40.200)

*Mar 1 04:18:57.634: IPv6 NAT: src (192.168.40.200) -> (2001::C0A8:28C8), dst (192.168.40.1) -> (2001:A:B:C::1)

*Mar 1 04:18:57.662: IPv6 NAT: icmp src (2001:A:B:C::1) -> (192.168.40.1), dst (2001::C0A8:28C8) -> (192.168.40.200)

*Mar 1 04:18:57.682: IPv6 NAT: src (192.168.40.200) -> (2001::C0A8:28C8), dst (192.168.40.1) -> (2001:A:B:C::1)

NAT-PT#

NAT-PT(config)#
*Mar 1 04:25:50.854: IPv6 NAT: icmp src (2001:A:B:C::2) -> (192.168.40.2), dst (2001::C0A8:28C8) -> (192.168.40.200)
*Mar 1 04:25:50.962: IPv6 NAT: src (192.168.40.200) -> (2001::C0A8:28C8), dst (192.168.40.2) -> (2001:A:B:C::2)

*Mar 1 04:25:51.022: IPv6 NAT: icmp src (2001:A:B:C::2) -> (192.168.40.2), dst (2001::C0A8:28C8) -> (192.168.40.200)

*Mar 1 04:25:51.038: IPv6 NAT: src (192.168.40.200) -> (2001::C0A8:28C8), dst (192.168.40.2) -> (2001:A:B:C::2)

*Mar 1 04:25:51.086: IPv6 NAT: icmp src (2001:A:B:C::2) -> (192.168.40.2), dst (2001::C0A8:28C8) -> (192.168.40.200)

*Mar 1 04:25:51.178: IPv6 NAT: src (192.168.40.200) -> (2001::C0A8:28C8), dst (192.168.40.2) -> (2001:A:B:C::2)

NAT-PT(config)#

NAT-PT(config)#
*Mar 1 04:26:13.274: IPv6 NAT: icmp src (2001:A:B:C::3) -> (192.168.40.3), dst (2001::C0A8:28C8) -> (192.168.40.200)

*Mar 1 04:26:13.354: IPv6 NAT: src (192.168.40.200) -> (2001::C0A8:28C8), dst (192.168.40.3) -> (2001:A:B:C::3)

*Mar 1 04:26:13.398: IPv6 NAT: icmp src (2001:A:B:C::3) -> (192.168.40.3), dst (2001::C0A8:28C8) -> (192.168.40.200)

*Mar 1 04:26:13.470: IPv6 NAT: src (192.168.40.200) -> (2001::C0A8:28C8), dst (192.168.40.3) -> (2001:A:B:C::3)

*Mar 1 04:26:13.494: IPv6 NAT: icmp src (2001:A:B:C::3) -> (192.168.40.3), dst (2001::C0A8:28C8) -> (192.168.40.200)

*Mar 1 04:26:13.570: IPv6 NAT: src (192.168.40.200) -> (2001::C0A8:28C8), dst (192.168.40.3) -> (2001:A:B:C::3)

NAT-PT(config)#

NAT-PT#sh ipv6 nat translations
Prot IPv4 source IPv6 source

IPv4 destination IPv6 destination

— — —

192.168.40.200 2001::C0A8:28C8

— 192.168.40.1 2001:A:B:C::1

192.168.40.200 2001::C0A8:28C8

— 192.168.40.1 2001:A:B:C::1

— —

NAT-PT#

DYNAMIC NAT-PT

With Dynamic translation, a specific IPv6 prefix will be translated to a pool of IPv4 addresses as the source address; and the destination is translated to the static v4v6 entry.

Table 3 :v6v4 Address translation

*v6v4*	*IPv6 network* IPv6	*IPv6 nodes as seen by IPv4 network*	IPv4
	Any 2001:a:b:c::/64 node (3 nodes in our case)	====> will be represented by	192.168.40.1
			192.168.40.2
			192.168.40.3

Any traffic originated from 2001:a:b:c::/64
will trigger v6v4 operations.

Because there is three IPv6 nodes and three IPv4 addresses, a one-to-one translation will occur.

Table 4 :v4v6 Address translation

v4v6

IPv4 node

IPv4 nodes as seen by IPv6 network

IPv6 network

IPv6

192.168.40.200

====> will be seen as

2001::c0a8:28c8/96

interface FastEthernet0/0
no ip address

ipv6 address 2001:A:B:C::4/64

ipv6 nat

!

interface FastEthernet1/0

ip address 192.168.40.199 255.255.255.0

ipv6 nat

!

!! Enable IPv6 unicast routing

ipv6 unicast-routing

!

ipv6 nat v4v6 source 192.168.40.200 2001::C0A8:28C8

ipv6 nat v6v4 source list list_to-ipv4 pool ipv4_pool

ipv6 nat v6v4 pool ipv4_pool 192.168.40.1 192.168.40.3 prefix-length 24

ipv6 nat prefix 2001::/96

!

ipv6 access-list list_to-ipv4

permit ipv6 2001:A:B:C::/64 any

Connectivity check:

NAT-PT(config)#do sh ipv6 nat trans
Prot IPv4 source IPv6 source

IPv4 destination IPv6 destination

— — —

192.168.40.200 2001::C0A8:28C8

— 192.168.40.1 2001:A:B:C::1

192.168.40.200 2001::C0A8:28C8

— 192.168.40.1 2001:A:B:C::1

— —

— 192.168.40.2 2001:A:B:C::2

192.168.40.200 2001::C0A8:28C8

— 192.168.40.2 2001:A:B:C::2

— —

— 192.168.40.3 2001:A:B:C::3

192.168.40.200 2001::C0A8:28C8

— 192.168.40.3 2001:A:B:C::3

— —

NAT-PT(config)#

NAT-PT(config)#do sh ipv6 nat stat
Total active translations: 7 (-5 static, 12 dynamic; 0 extended)

NAT-PT interfaces:

FastEthernet0/0, FastEthernet1/0, NVI0

Hits: 0 Misses: 0

Expired translations: 0

NAT-PT(config)#

debug:

NAT-PT(config)#
*Mar 1 04:44:15.454: IPv6 NAT: icmp src (2001:A:B:C::1) -> (192.168.40.1), dst (2001::C0A8:28C8) -> (192.168.40.200)

*Mar 1 04:44:15.586: IPv6 NAT: src (192.168.40.200) -> (2001::C0A8:28C8), dst (192.168.40.1) -> (2001:A:B:C::1)

*Mar 1 04:44:15.650: IPv6 NAT: icmp src (2001:A:B:C::1) -> (192.168.40.1), dst (2001::C0A8:28C8) -> (192.168.40.200)

*Mar 1 04:44:15.730: IPv6 NAT: src (192.168.40.200) -> (2001::C0A8:28C8), dst (192.168.40.1) -> (2001:A:B:C::1)

*Mar 1 04:44:15.794: IPv6 NAT: icmp src (2001:A:B:C::1) -> (192.168.40.1), dst (2001::C0A8:28C8) -> (192.168.40.200)

*Mar 1 04:44:15.810: IPv6 NAT: src (192.168.40.200) -> (2001::C0A8:28C8), dst (192.168.40.1) -> (2001:A:B:C::1)

NAT-PT(config)#

NAT-PT(config)#

NAT-PT(config)#

*Mar 1 04:44:29.122: IPv6 NAT: icmp src (2001:A:B:C::2) -> (192.168.40.2), dst (2001::C0A8:28C8) -> (192.168.40.200)

*Mar 1 04:44:29.230: IPv6 NAT: src (192.168.40.200) -> (2001::C0A8:28C8), dst (192.168.40.2) -> (2001:A:B:C::2)

*Mar 1 04:44:29.262: IPv6 NAT: icmp src (2001:A:B:C::2) -> (192.168.40.2), dst (2001::C0A8:28C8) -> (192.168.40.200)

*Mar 1 04:44:29.326: IPv6 NAT: src (192.168.40.200) -> (2001::C0A8:28C8), dst (192.168.40.2) -> (2001:A:B:C::2)

*Mar 1 04:44:29.386: IPv6 NAT: icmp src (2001:A:B:C::2) -> (192.168.40.2), dst (2001::C0A8:28C8) -> (192.168.40.200)

*Mar 1 04:44:29.410: IPv6 NAT: src (192.168.40.200) -> (2001::C0A8:28C8), dst (192.168.40.2) -> (2001:A:B:C::2)

NAT-PT(config)#

NAT-PT(config)#

NAT-PT(config)#

*Mar 1 04:44:42.434: IPv6 NAT: icmp src (2001:A:B:C::3) -> (192.168.40.3), dst (2001::C0A8:28C8) -> (192.168.40.200)

*Mar 1 04:44:42.514: IPv6 NAT: src (192.168.40.200) -> (2001::C0A8:28C8), dst (192.168.40.3) -> (2001:A:B:C::3)

*Mar 1 04:44:42.546: IPv6 NAT: icmp src (2001:A:B:C::3) -> (192.168.40.3), dst (2001::C0A8:28C8) -> (192.168.40.200)

*Mar 1 04:44:42.574: IPv6 NAT: src (192.168.40.200) -> (2001::C0A8:28C8), dst (192.168.40.3) -> (2001:A:B:C::3)

*Mar 1 04:44:42.622: IPv6 NAT: icmp src (2001:A:B:C::3) -> (192.168.40.3), dst (2001::C0A8:28C8) -> (192.168.40.200)

*Mar 1 04:44:42.678: IPv6 NAT: src (192.168.40.200) -> (2001::C0A8:28C8), dst (192.168.40.3) -> (2001:A:B:C::3)

NAT-PT(config)#

PAT NAT-PT

Table 5 :v6v4 Address translation

v6v4

IPv6 network

IPv6

IPv6 nodes as seen by IPv4 network

IPv4

Any 2001:a:b:c::/64 node (3 nodes in our case)

====> will be represented by

192.168.40.199

Any traffic originated from 2001:a:b:c::/64
will trigger v6v4 operations and will be translated to the unique IPv4 outbound interface.

Table 6 :v4v6 Address translation

v4v6

IPv4 node

IPv4 nodes as seen by IPv6 network

IPv6 network

IPv6

192.168.40.200

====> will be seen as

2001::c0a8:28c8/96

We’re still communicating to IPv4 node 192.168.40.200 represented by 2001::c0a8:28c8/96.

By the way, IOS will not allow you to disable configured commands, if their corresponding translations are still active, so you have to clear all translation entries before making any changes in the configuration.

NAT-PT(config)#no ipv6 nat v6v4 source list list_to-ipv4 pool ipv4_pool
NAT-PT(config)#$ ipv4_pool 192.168.40.1 192.168.40.3 prefix-length 24

%Pool ipv4_pool in use, cannot destroy

NAT-PT(config)#

*Mar 1 04:56:14.094: %Dynamic mapping in use, cannot remove

NAT-PT(config)#do clear ipv6 nat trans *

NAT-PT(config)#

NAT-PT(config)#no ipv6 nat v6v4 source list list_to-ipv4 pool ipv4_pool

NAT-PT(config)#no ipv4_pool 192.168.40.1 192.168.40.3 prefix-length 24

NAT-PT(config)#

interface FastEthernet0/0
no ip address

ipv6 address 2001:A:B:C::4/64

ipv6 nat

!

interface FastEthernet1/0

ip address 192.168.40.199 255.255.255.0

ipv6 nat

ipv6 nat v4v6 source 192.168.40.200 2001::C0A8:28C8

ipv6 nat v6v4 source list list_to-ipv4 interface overload

ipv6 nat prefix 2001::/96

!

ipv6 access-list list_to-ipv4

permit ipv6 2001:A:B:C::/64 any

NAT-PT(config)#do sh ipv6 nat translation
Prot IPv4 source IPv6 source

IPv4 destination IPv6 destination

— — —

192.168.40.200 2001::C0A8:28C8

icmp 192.168.40.199,7704 2001:A:B:C::1,7704

192.168.40.200,7704 2001::C0A8:28C8,7704

icmp 192.168.40.199,7126 2001:A:B:C::2,7126

192.168.40.200,7126 2001::C0A8:28C8,7126

icmp 192.168.40.199,9979 2001:A:B:C::3,9979

192.168.40.200,9979 2001::C0A8:28C8,9979

NAT-PT(config)#

NAT-PT(config)#do sh ipv6 nat stat
Total active translations: 4 (-5 static, 9 dynamic; 3 extended)

NAT-PT interfaces:

FastEthernet0/0, FastEthernet1/0, NVI0

Hits: 0 Misses: 0

Expired translations: 0

NAT-PT(config)#

NAT-PT(config)#
*Mar 1 04:59:10.218: IPv6 NAT: icmp src (2001:A:B:C::1) -> (192.168.40.199), dst (2001::C0A8:28C8) -> (192.168.40.200)

*Mar 1 04:59:10.310: IPv6 NAT: src (192.168.40.200) -> (2001::C0A8:28C8), dst (192.168.40.199) -> (2001:A:B:C::1)

*Mar 1 04:59:10.366: IPv6 NAT: icmp src (2001:A:B:C::1) -> (192.168.40.199), dst (2001::C0A8:28C8) -> (192.168.40.200)

*Mar 1 04:59:10.418: IPv6 NAT: src (192.168.40.200) -> (2001::C0A8:28C8), dst (192.168.40.199) -> (2001:A:B:C::1)

*Mar 1 04:59:10.466: IPv6 NAT: icmp src (2001:A:B:C::1) -> (192.168.40.199), dst (2001::C0A8:28C8) -> (192.168.40.200)

*Mar 1 04:59:10.514: IPv6 NAT: src (192.168.40.200) -> (2001::C0A8:28C8), dst (192.168.40.199) -> (2001:A:B:C::1)

NAT-PT(config)#

NAT-PT(config)#

*Mar 1 04:59:20.674: IPv6 NAT: icmp src (2001:A:B:C::2) -> (192.168.40.199), dst (2001::C0A8:28C8) -> (192.168.40.200)

*Mar 1 04:59:20.766: IPv6 NAT: src (192.168.40.200) -> (2001::C0A8:28C8), dst (192.168.40.199) -> (2001:A:B:C::2)

*Mar 1 04:59:20.826: IPv6 NAT: icmp src (2001:A:B:C::2) -> (192.168.40.199), dst (2001::C0A8:28C8) -> (192.168.40.200)

*Mar 1 04:59:20.882: IPv6 NAT: src (192.168.40.200) -> (2001::C0A8:28C8), dst (192.168.40.199) -> (2001:A:B:C::2)

*Mar 1 04:59:20.918: IPv6 NAT: icmp src (2001:A:B:C::2) -> (192.168.40.199), dst (2001::C0A8:28C8) -> (192.168.40.200)

*Mar 1 04:59:20.950: IPv6 NAT: src (192.168.40.200) -> (2001::C0A8:28C8), dst (192.168.40.199) -> (2001:A:B:C::2)

NAT-PT(config)#

NAT-PT(config)#

*Mar 1 04:59:24.266: IPv6 NAT: icmp src (2001:A:B:C::3) -> (192.168.40.199), dst (2001::C0A8:28C8) -> (192.168.40.200)

*Mar 1 04:59:24.354: IPv6 NAT: src (192.168.40.200) -> (2001::C0A8:28C8), dst (192.168.40.199) -> (2001:A:B:C::3)

*Mar 1 04:59:24.402: IPv6 NAT: icmp src (2001:A:B:C::3) -> (192.168.40.199), dst (2001::C0A8:28C8) -> (192.168.40.200)

*Mar 1 04:59:24.450: IPv6 NAT: src (192.168.40.200) -> (2001::C0A8:28C8), dst (192.168.40.199) -> (2001:A:B:C::3)

*Mar 1 04:59:24.482: IPv6 NAT: icmp src (2001:A:B:C::3) -> (192.168.40.199), dst (2001::C0A8:28C8) -> (192.168.40.200)

*Mar 1 04:59:24.526: IPv6 NAT: src (192.168.40.200) -> (2001::C0A8:28C8), dst (192.168.40.199) -> (2001:A:B:C::3)

NAT-PT(config)#

DNS embedded data (ALG)

Let’s keep previously configured PAT and see how NAT-PT handle application layer data like IPv6 addresses embedded in the DNS traffic.

We a need static translation to access the specific IPv4 node (DNS server).

Name lookup is enabled and DNS IPv6 address configured.

NAT-PT:

ipv6 nat v4v6 source 192.168.40.104
2001::C0A8:2858

!

ip domain lookup

ip domain name nouri.com

ip name-server 2001::C0A8:2858

On Clients:

ip domain lookup
ip domain name nouri.com

ip name-server 2001::C0A8:2858

The following shows successful connectivity with the DNS server:

Routerv6_1#ping 2001::C0A8:2858 repeat 1
Type escape sequence to abort.

Sending 1, 100-byte ICMP Echos to 2001::C0A8:2858, timeout is 2 seconds:

!

Success rate is 100 percent (1/1), round-trip min/avg/max = 88/88/88 ms

Routerv6_1#

NAT-PT(config)#
*Mar 1 05:37:46.478: IPv6 NAT: icmp src (2001:A:B:C::1) -> (192.168.40.199), dst (2001::C0A8:2858) -> (192.168.40.104)

*Mar 1 05:37:46.586: IPv6 NAT: src (192.168.40.104) -> (2001::C0A8:2858), dst (192.168.40.199) -> (2001:A:B:C::1)

NAT-PT(config)#

Routerv6_1#ping Routerv4_1.nouri.com

Translating “Routerv4_1.nouri.com”…domain server (2001::C0A8:2858) [OK]

Translating “Routerv4_1.nouri.com”…domain server (2001::C0A8:2858) [OK]

Translating “Routerv4_1.nouri.com”…domain server (2001::C0A8:2858) [OK]

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2001::C0A8:28C8, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 32/111/256 ms

Routerv6_1#

Debug:

The NAT device:

Receive a DNS request packet with IPv6 source (2001:A:B:C::1) and IPv6 destination (2001::C0A8:2858).
Translate the IPv6 src (2001:A:B:C::1) -> IPv4 src (192.168.40.199)
Translate the IPv6 dst (2001::C0A8:2858) -> IPv4 dst (192.168.40.104)
Send DNS request AAA to IPv4 DNS server with IPv4 src (192.168.40.199) + IPv4 dst (192.168.40.104)
Receive DNS response with IPv4 src (192.168.40.104) + IPv4 dst. (192.168.40.199) + embedded response to AAA IPv4 (192.168.40.200)
Translate embedded response IPv4 (192.168.40.200) -> IPv6 (2001::C0A8:28C8)
Translate back the IPv4 src (192.168.40.104)-> IPv6 src (2001::C0A8:2858)
Translate back the IPv4 dst (192.168.40.199) -> IPv6 dst (2001:A:B:C::1)
Send DNS response with IPv6 src (2001::C0A8:2858) + IPv6 dst. (2001:A:B:C::1) + embedded response to AAA IPv6 (2001::C0A8:28C8)

Internal IPv6 node:

send ping with IPv6 src (2001:A:B:C::1) + IPv6 dst (2001::C0A8:28C8)

The NAT device:

Translate the IPv6 src (2001:A:B:C::1) -> IPv4 src (192.168.40.199)
Translate the IPv6 dst (2001::C0A8:28C8) -> IPv4 dst (192.168.40.200)
Send ping with IPv4 src (192.168.40.199) + IPv4 dst (192.168.40.200)
Receive ping reply with IPv4 src (192.168.40.200) + IPv4 dst. (192.168.40.199)
Translate back the IPv4 src (192.168.40.200) -> IPv6 src (2001::C0A8:28C8)
Translate back the IPv4 dst (192.168.40.199) -> IPv6 dst (2001:A:B:C::1)
Send ping reply with IPv6 src (2001::C0A8:28C8) + IPv6 dst. (2001:A:B:C::1)

NAT-PT(config)#
*Mar 1 05:46:33.854: IPv6 NAT: udp src (2001:A:B:C::1) -> (192.168.40.199), dst (2001::C0A8:2858) -> (192.168.40.104)

*Mar 1 05:46:33.994: IPv6 NAT: udp src (192.168.40.104) -> (2001::C0A8:2858), dst (192.168.40.199) -> (2001:A:B:C::1)

*Mar 1 05:46:34.166: IPv6 NAT: udp src (2001:A:B:C::1) -> (192.168.40.199), dst (2001::C0A8:2858) -> (192.168.40.104)

*Mar 1 05:46:34.230: IPv6 NAT: udp src (192.168.40.104) -> (2001::C0A8:2858), dst (192.168.40.199) -> (2001:A:B:C::1)

*Mar 1 05:46:34.246: IPv6 NAT: udp src (2001:A:B:C::1) -> (192.168.40.199), dst (2001::C0A8:2858) -> (192.168.40.104)

*Mar 1 05:46:34.278: IPv6 NAT: udp src (192.168.40.104) -> (2001::C0A8:2858), dst (192.168.40.199) -> (2001:A:B:C::1)

*Mar 1 05:46:34.322: IPv6 NAT: icmp src (2001:A:B:C::1) -> (192.168.40.199), dst (2001::C0A8:28C8) -> (192.168.40.200)

*Mar 1 05:46:34.346: IPv6 NAT: src (192.168.40.200) -> (2001::C0A8:28C8), dst (192.168.40.199) -> (2001:A:B:C::1)

*Mar 1 05:46:34.442: IPv6 NAT: icmp src (2001:A:B:C::1) -> (192.168.40.199), dst (2001::C0A8:28C8) -> (192.168.40.200)

*Mar 1 05:46:34.650: IPv6 NAT: src (192.168.40.200) -> (2001::C0A8:28C8), dst (192.168.40.199) -> (2001:A:B:C::1)

*Mar 1 05:46:34.726: IPv6 NAT: icmp src (2001:A:B:C::1) -> (192.168.40.199), dst (2001::C0A8:28C8) -> (192.168.40.200)

*Mar 1 05:46:34.758: IPv6 NAT: src (192.168.40.200) -> (2001::C0A8:28C8), dst (192.168.40.199) -> (2001:A:B:C::1)

*Mar 1 05:46:34.774: IPv6 NAT: icmp src (2001:A:B:C::1) -> (192.168.40.199), dst (2001::C0A8:28C8) -> (192.168.40.200)

*Mar 1 05:46:34.802: IPv6 NAT: src (192.168.40.200) -> (2001::C0A8:28C8), dst (192.168.40.199) -> (2001:A:B:C::1)

*Mar 1 05:46:34.818: IPv6 NAT: icmp src (2001:A:B:C::1) -> (192.168.40.199), dst (2001::C0A8:28C8) -> (192.168.40.200)

*Mar 1 05:46:34.834: IPv6 NAT: src (192.168.40.200) -> (2001::C0A8:28C8), dst (192.168.40.199) -> (2001:A:B:C::1)

NAT-PT(config)#

IPv4 MAPPED

So far, we have been dealing with specific IPv4 hosts inside IPv4 network, but what if we just want to make connections to any IPv4 hosts (ex: to Internet)?

In this case the mapping of destination addresses should be automatic, that is the role of IPv4 mapped:

interface FastEthernet0/0
no ip address

ipv6 address 2001:A:B:C::4/64

ipv6 nat

!

interface FastEthernet1/0

ip address 192.168.40.199 255.255.255.0

ipv6 nat

!

! DNS still need Translation

ipv6 nat v4v6 source 192.168.40.104 2001::C0A8:2858

! PAT Translation is the appropriate configuration for this case

ipv6 nat v6v4 source list list_to-ipv4 interface FastEthernet1/0 overload

ipv6 nat prefix 2001::/96 v4-mapped WHAT_to_IPv4

!

!

!

ipv6 access-list list_to-ipv4

permit ipv6 2001:A:B:C::/64 any

!

ipv6 access-list WHAT_to_IPv4

permit ipv6 any 2001::/96