IPv6 NAT-PT Static

Scenario:

You are working for a large international mining company and responsible for the migration strategy towards IPv6. The ISP has run out of IPv4 addresses and can only supply you with fresh new IPv6 addresses. In order to connect the new “Gold” and “Silver” sites you will need to perform NAT-PT…start digging!

Goal:

  • All IPv4 and IPv6 addresses have been preconfigured for you.
  • All routers have a default route towards router NATPT.
  • Configure NAT-PT and make sure router Platinum is reachable as 2001::C0A8:7B01.
  • Configure NAT-PT and make sure router Bronze is reachable as 2001::C0A8:7B02.
  • Configure NAT-PT and make sure router Gold is reachable as 192.168.123.4.
  • Configure NAT-PT and make sure router Silver is reachable as 192.168.123.5.
  • Your configuration is correct when you have full connectivity.

It took me 1000s of hours reading books and doing labs, making mistakes over and over again until I mastered all the routing protocols for CCNP.

Would you like to be a master of routing too? In a short time without having to read 900 page books or google the answers to your questions and browsing through forums?

I collected all my knowledge and created a single ebook for you that has everything you need to know to become a master of routing.

You will learn all the secrets about IPv6, NAT-PT and more.

Does this sound interesting to you? Take a look here and let me show you how to Master CCNP ROUTE

IOS:

c3725-adventerprisek9-mz.124-15.T7.bin

Topology:

NAT-PT

Video Solution:

Configuration Files

You need to register to download the GNS3 topology file. (Registration is free!)

Once you are logged in you will find the configuration files right here.

Opt In Image
Do you want your CCNA or CCNP Certificate?

The How to Master series helps you to understand complex topics like spanning-tree, VLANs, trunks, OSPF, EIGRP, BGP and more.

Written by René Molenaar - CCIE #41726

You May Also Like

About the Author: Rene Molenaar

René - CCIE #41726 is the creator of GNS3Vault.com where he shares CCNA, CCNP and CCIE R&S labs. He also blogs about networking on http://networklessons.com

19 Comments

  1. When I do a ping to the other end the result looks like this:

    Platinum # ping 192.168.45.4

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.45.4, timeout is 2 seconds:
    !.!.!
    Success rate is 60 percent (3 / 5), round-trip min / avg / max = 64/85/108 ms
    # Platinum

    Gold # ping 2001:12:: C0A8: 7B01

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 2001:12:: C0A8: 7B01, timeout is 2 seconds:
    !.!.!
    Success rate is 60 percent (3 / 5), round-trip min / avg / max = 60/73/92 ms
    Gold #

    Why?

  2. To be honest I had the same problem with some of my NAT-PT configs even though the configuration is OK. I tried to look for the answer but couldn’t find it.

    If anyone else knows, i’d be delighted to hear it.

    Keep in mind NAT-PT is history as per RFC 4966.

  3. I only got packet loss when the eui-64 and global IPv6 addresses were in place at the same time, the .zip has eui-64 on the interfaces.

  4. Hi Oliver,

    What do you exactly mean? You had 2 IPv6 addresses on the interface or use global addresses with EUI-64?

    Don’t be sorry for reporting an error, i’m happy you let me know ;D

    Rene

  5. NAT-PT does not work with CEF switching, try didable CEF and you should ping with 100%. This this why NAT-PT is historic per RFC4966.

    Thanks
    Maz Mohamed
    Harris Corp

  6. Hello Rene,
    Still some users use NAT-PT unforunetly like me, however IETF says its historic, Cisco on ther hand I believe not recommending NAT-PT per one of the decumentaion I came across. NAT64 is the replacement, however it’s supported in ASR1000. In may case I have C3800 so I stuck with NAT-PT, and from scalability point of view I’m seeing a numbers of issues, one of them is CEF. What I recomended my customer is to disable fast switching/CEF under interface bases by no ip route-cache command, as I have about only 7 v6 users connected to this router and all 64k bandwidth so not a big deal to disable CEF under those connected interface with low BW. Other issue I had, please check “Multiple IPv6 to connect to single IPv4 server”, under Cisco support community discussions.

    Thanks
    Maz

  7. Hi Maz,

    Thanks for sharing this I didn’t know that. I only know about NAT-PT since its a CCIE topic but never tried it on a production network. Are you working often with IPv6? Maybe you have some nice ideas for lab scenarios I can build ;D

    Rene

  8. Notes:
    1) Check the ipv6 default route on Gold and Silver, mine were incorrect (suspect this may be due to eui-64 on local setup – Rene, maybe these addresses should be fully specified?).
    2) Addresses on GNS3 topology don’t match web page and video, be careful if like me you have both screens open!

  9. Hi Rene,

    I made an observation and i think the same thing happened to you on the video you posted.
    I realized that when you try to ping from the ipv4 side first, you will never get a reply. You have to initiate a ping from the ipv6 side first, the the natpt router populates it’s nat table with some dynamic entries. Only then, you’ll be able to ping from the ipv4 side.
    To prove it, i did the following:
    I made sure i was able to ping all routers from both sides.
    I cleared the nat table on the NATPT router with a clear ipv6 nat translation *
    Again, the same scenario.

  10. The final configurations are not working for me please help me any body have working gns lab please upload it and give me the link…

  11. I also had the issue where the default routes on both routers Gold and Silver were pointing to an ipv6 address which was not configured on NATPT’s f0/1 ingress interface for the ipv6 subnet. The default routes from the downloaded config file were pointing at 2001:A:B:C:C002:12FF:FE79:1. However, router NATPT’s f0/1 ipv6 address is configured to be derived using EUI-64 rules, which automatically populates the interface id part of the address by using the local mac address.

    The problem with this is that the local mac addresses seem to randomly change with each fresh start of GNS3. Because of this the default route did not match the address on NATPT’s f0/1 interface, which was in my case 2001:A:B:C:C002:15FF:FE48:1.

    By changing the default routes on routers Gold and Silver to match the ipv6 address configured on your specific instance of router NATPT’s f0/1 interface, you should be able to get this lab to function properly.

  12. I found the same issue as Josh. Using EUI-64 will result in your GNS3 program using whatever MAC address you have on your virtual routers and since it’s likely that we all won’t be using the same IOS versions, our individual EUI-64 addresses will differ. Alter your lab scenarios based on your own ipv6 addresses that your IOS generates on the interfaces.

  13. Eu fiz essa configuração no packet tracer 6.2, ele aceitou todas as configuraçoes, mas só que eu não consegui efutuar o ping dos roteadores que estavam configurados com IPv6 para os que estavam configurados para IPv4 e virce versa.

Comments are closed.