NAT64 Stateful w/ Static NAT

Load nat64.lab1.init.cfg

#IOS-XE
config replace flash:nat64.lab1.init.cfg

#IOS-XR (XR1 only)
configure
load bootflash:nat64.lab1.init.cfg
commit replace

Configure NAT64 on R6 again. Use the same settings:

• Use 100.1.1.1 as the translated IPv4 address on R6

• Only allow traffic sourced from 2001::/64 to be translated for NAT64

• Use the prefix 64:ff96::/96 for NAT64

Also configure a static NAT so that IPv4-initiated traffic destined for 100.1.2.3 is translated to 2001::5:5:5:5.

Answer

#R6
int GigabitEthernet2.36
 nat64 enable
int GigabitEthernet2.46
 nat64 enable
int GigabitEthernet2.56
 nat64 enable
int GigabitEthernet2.619
 nat64 enable
!
ipv6 access-list NAT64_SOURCES
 permit ipv6 2001::/64 any
!
nat64 prefix stateful 64:ff96::/96
nat64 v4 pool V4POOL 100.1.1.1 100.1.1.1
nat64 v6v4 list NAT64_SOURCES pool V4POOL overload
!
nat64 v6v4 static 2001::5:5:5:5 100.1.2.3
!
ipv6 router ospf 1
 redistribute static

Explanation

This is the same lab as before, with one extra command:

nat64 v6v4 static 2001::5:5:5:5 100.1.2.3

This command creates a static NAT which allows IPv4 hosts to initiate traffic to an IPv6-only host. Traffic to/from 2001::5:5:5:5 will be translated to 100.1.2.3 instead of the 100.1.1.1 overload pool.

R6 automatically adds another static route for 100.1.2.3/32 pointing to the NVI:

R6 pre-populates a NAT entry for 2001::5:5:5:5 translated to 100.1.2.3:

If we initiate a ping from XR1, R6 will translate 100.1.2.3 to 2001::5:5:5:5. Additionally, it will use the NAT64 prefix to translate the source address from 192.0.2.1 to 64:ff96::c000:201. This ensures that R5 will direct the traffic back to R6.