Bernhard Schmidt <[EMAIL PROTECTED]> wrote: > I'm currently trying to configure NAT-PT to allow our IPv6-only clients > to access IPv4 hosts. We've bought an 2811 for this task (among others) > and I tried following
Okay, I have to test these thoroughly tomorrow, but my preliminary findings are as following: a) The (unexplained) parameter v4-mapped takes an ACL which I thought to be "has to match the client address to be NATted". Turned out this was wrong apparently, only the CLI gave a hint ipv6-gw(config)#ipv6 nat prefix 2001:4ca0:0:ff03::/96 v4-mapped ? WORD Access list name for local addresses so my guess is that addresses matching the prefix and being hit by the ACL are not NATed. b) The overload parameter does not work, as soon as this is added I can't get any connection through, even the first one. c) IPv6 and IPv4 have to be on different interfaces (dualstacked does not work, having IPv4 and IPv6 on different interfaces connected to the same el-cheapo Netgear switch works fine). So this is my configuration at the moment: --- interface FastEthernet0/0 description IPv6 uplink no ip address ipv6 address 2001:4CA0:0:FF00::FFFF/64 ipv6 enable ipv6 nat ! interface FastEthernet0/1 description IPv4 uplink ip address 129.187.18.250 255.255.255.0 ipv6 nat ! ipv6 nat translation timeout 300 ipv6 nat v6v4 source list LRZ pool pool-v6v4 ipv6 nat v6v4 pool pool-v6v4 129.187.18.65 129.187.18.94 prefix-length 27 ipv6 nat prefix 2001:4CA0:0:FF03::/96 v4-mapped none ! ipv6 access-list LRZ sequence 20 permit ipv6 2001:4CA0::/32 any log-input --- [EMAIL PROTECTED]:~$ telnet 2001:4ca0:0:ff03::83.170.6.69 25 Trying 2001:4ca0:0:ff03::53aa:645... Connected to 2001:4ca0:0:ff03::83.170.6.69. Escape character is '^]'. 220 mailout.mucip.net ESMTP Postfix Phew... Bernhard _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/