NAT64 返回转换不起作用

网络工程 思科 ipv4 ipv6
2021-07-13 17:21:42

我正在 cisco 路由器上进行 NAT64 转换。从 IPv6 到 IPv4 的转换有效,但返回值在 NAT64 统计信息中没有转换为更近的。

config:

 interface GigabitEthernet0/1
 nat64 enable
 ipv6 address 2001:2525:3164:1000::1/64


interface GigabitEthernet0/0/0
 ip address 194.10.83.2 255.255.255.248
 nat64 enable

nat64 v4 pool pool1 194.10.83.2 194.10.83.2
nat64 v6v4 list nat64ACL pool pool1 overload

ipv6 access-list nat64ACL
 permit ipv6 2001:2525:3164:1000::/56 any

翻译表:

RM_A0.1#sh nat64 translations
Proto   Original IPv4           Translated IPv4
        Translated IPv6         Original IPv6
--------------------------------------------------------
icmp    194.10.83.1:1           [64:FF9B::C20A:5301]:1
        194.10.83.2:1           [2001:2525:3164:1000:6188:82D:86F8:708E]:1

tcp     194.10.83.1:23          [64:FF9B::C20A:5301]:23
        194.10.83.2:60531       [2001:2525:3164:1000:6188:82D:86F8:708E]:60531

Total number of translations: 2

统计数据:

Number of packets translated by stateless NAT64:
        Packets translated (IPv4 -> IPv6): 0
        Packets translated (IPv6 -> IPv4): 0

Number of packets translated by stateful NAT64:
        Packets translated (IPv4 -> IPv6): 0
        Packets translated (IPv6 -> IPv4): 75

Global Statistics
Prefix: 64:FF9B::/96
        Packets translated (IPv4 -> IPv6): 0
        Packets translated (IPv6 -> IPv4): 20
        Packets dropped: 0

在 ipv4 网络上的 Wireshark 捕获: 在此处输入图片说明

在 IPv4 网络上一切正常。任何的想法?

编辑:这是路由器的整个配置:

Current configuration : 2039 bytes
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RM_A0.1
!
boot-start-marker
boot-end-marker
!
enable password emf
!
no aaa new-model
memory-size iomem 15
!
ip cef
ipv6 unicast-routing
ipv6 dhcp pool myPool
 dns-server 2001:4860:4860::8888
 domain-name Baldi.local
!
ipv6 cef
multilink bundle-name authenticated
!
cts logging verbose
!
license udi pid CISCO1921/K9 sn FCZ1918C2N2
!
vtp domain emf
vtp mode transparent
vtp version 2
!
redundancy
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 ipv6 address FE80::1:1:0 link-local
 ipv6 address 2001:2525:3164:100F::/127
 ipv6 ospf 99 area 0
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 nat64 enable
 ipv6 address FE80::1:1:1 link-local
 ipv6 address 2001:2525:3164:1000::1/64
 ipv6 nd other-config-flag
 ipv6 dhcp server myPool
 ipv6 ospf 99 area 0
!
interface GigabitEthernet0/0/0
 ip address 194.10.83.2 255.255.255.248
 duplex auto
 speed auto
 nat64 enable
!
interface Serial0/1/0
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/1/1
 no ip address
 shutdown
 clock rate 2000000
!
router ospfv3 99
 router-id 0.0.0.1
 !
 address-family ipv6 unicast
 exit-address-family
!
router rip
 version 2
 network 194.10.83.0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
nat64 v4 pool pool1 194.10.83.2 194.10.83.2
nat64 v6v4 list nat64ACL pool pool1 overload
!
ipv6 access-list nat64ACL
 permit ipv6 2001:2525:3164:1000::/56 any
!
control-plane
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 password emf
 login
 transport input none
!
scheduler allocate 20000 1000
ntp server 2001:2525:3164:1F::
!
end
1个回答

好的,我找到了解决方案:v4 池不能与接口位于同一子网中。使用另一个子网中的 IP 一切正常

其它你可能感兴趣的问题
上一篇模拟电话的工作 - 基础知识 下一篇如何通过瞻博网络 SRX 上的 IPSec VPN 隧道转发多播数据包?