Describe IPv6 NAT and how to configure and verify IPv4 Network Address Translation (NAT)
Network address translation (NAT) is a method of modifying the network address information in IP datagram headers while the packets are in transit through a routing device, in order to remap one IP address space into another. The section below discusses IPv6 NAT in detail, including NAT64 and NPTv6, and then explains how to configure and verify IPv4 network address translation, covering static NAT, dynamic NAT and PAT.
6.6 configure and verify IPv4 network address translation (NAT)
The term NAT44 specifically denotes a mapping between two IPv4 addresses; this is the most common case, since IPv4 still carries the majority of internet traffic. NAT64 refers to a mapping of IPv4 addresses to IPv6 addresses or vice versa.
NAT allows ISPs and enterprises to masquerade a private network address space behind a single publicly routable IPv4 address on the internet-facing interface of the customer premises router, rather than allocating a public address to every network device. An example of configuring IPv4-mapped NAT-PT follows:
Verify the configuration with the corresponding "show" command.
6.6.a Static NAT, dynamic NAT, PAT
Static NAT creates a fixed translation of a real address to a mapped address. With dynamic NAT and PAT, each host uses a different address or port for every subsequent translation. Because the mapped address is the same for every consecutive connection with static NAT, a persistent translation rule exists, so static NAT allows a host on the destination network to initiate traffic to the translated host. A typical static NAT scenario: the translation is always active, so both the remote host and the translated host can originate connections, and the mapped addresses are statically designated by a static command.
The main difference between dynamic NAT and a range of addresses in static NAT is that static NAT allows a remote host to initiate a connection to the translated host, while dynamic NAT does not. Static NAT requires as many mapped addresses as there are real addresses.
Static NAT configures persistent one-to-one address translation rules by mapping each real IP address to a mapped IP address.
An example of a static NAT configuration follows:
The configuration above creates a permanent entry in the NAT table and enables both outside and inside hosts to initiate connections.
With dynamic NAT, the NAT router maintains a table of registered IP addresses; when a private IP address requests access to the internet, the router selects an address from the table that is not currently in use by another private address. Dynamic NAT also helps secure the network: it masks the internal configuration of the private network and makes it difficult for someone outside the network to monitor individual usage patterns. Dynamic NAT lets the private network use private IP addresses that are invalid on the internet but useful as internal addresses.
Dynamic NAT translates a group of real addresses to a pool of mapped addresses that are routable on the destination network. The mapped pool can contain fewer addresses than the real group. When a host you want to translate accesses the destination network, the ASA assigns it an IP address from the mapped pool. The translation is added only when the real host initiates a connection.
Dynamic NAT uses a pool of public addresses and assigns them on a first-come, first-served basis.
When a host with a private IP address requests access to the internet, dynamic NAT selects an IP address from the pool that is not already in use by another host. Dynamic NAT is useful when fewer addresses are available than the actual number of hosts to be translated.
An example of a dynamic NAT configuration:
Whereas static NAT provides a permanent mapping between an internal address and a specific public address, dynamic NAT maps private IP addresses to public addresses drawn from the NAT pool.
PAT translates multiple real addresses to a single mapped IP address by translating the real address and source port to the mapped address and a unique port. With PAT, multiple users share one IP address at the same time. PAT is also called NAT overload: it is common to hide an entire address space, usually consisting of private IP addresses, behind a single IP address in the other address space, and this form of NAT is also known as PAT in overload. A dynamic entry stays in the table as long as traffic continues to flow through it from time to time. With PAT in overload, the translation does not exist in the NAT table until the router receives traffic that requires translation, and translations have a timeout period after which they are purged from the translation table.
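To make the three behaviours concrete, here is an added Python model of a router's NAT table (not the page's missing configuration and not router code): a static entry answers inbound packets at any time, a dynamic pool entry exists only after the inside host has sent traffic and returns to the pool on timeout, and PAT shares one outside address by assigning each flow a unique port. The addresses are constructed documentation ranges.

```python
from itertools import count


class NatTable:
    """Toy model of a router's NAT table (constructed example, not IOS code):
    static 1:1 entries, a dynamic pool, and PAT overload on one outside address.
    Precedence for an inside host: static entry > dynamic pool > PAT."""

    def __init__(self, static=None, pool=None, overload=None):
        self.static = dict(static or {})   # inside -> outside, permanent
        self.pool = list(pool or [])       # free outside addresses
        self.overload = overload           # single outside address shared by PAT
        self.dynamic = {}                  # inside -> outside, created on first packet
        self.pat = {}                      # (inside, sport) -> (overload, port)
        self.ports = count(1024)           # next unique PAT port

    def outbound(self, inside_ip, sport):
        """Translate a packet leaving the inside network: (outside_ip, outside_port)."""
        if inside_ip in self.static:       # static: fixed mapping, no state needed
            return self.static[inside_ip], sport
        if inside_ip not in self.dynamic and self.pool:
            self.dynamic[inside_ip] = self.pool.pop(0)   # first come, first served
        if inside_ip in self.dynamic:
            return self.dynamic[inside_ip], sport
        if self.overload is None:
            raise RuntimeError("pool exhausted and no overload address configured")
        key = (inside_ip, sport)
        if key not in self.pat:            # PAT: same address, unique source port
            self.pat[key] = (self.overload, next(self.ports))
        return self.pat[key]

    def inbound(self, outside_ip, dport):
        """Map a packet arriving from outside to (inside_ip, inside_port), or None."""
        for inside, outside in self.static.items():
            if outside == outside_ip:
                return inside, dport       # static: the remote host may initiate
        for inside, outside in self.dynamic.items():
            if outside == outside_ip:
                return inside, dport       # exists only after the inside host initiated
        for (inside, sport), mapped in self.pat.items():
            if mapped == (outside_ip, dport):
                return inside, sport
        return None                        # no translation: the packet is dropped

    def purge(self, inside_ip):
        """Translation timeout: return the pool address and drop the PAT ports."""
        if inside_ip in self.dynamic:
            self.pool.append(self.dynamic.pop(inside_ip))
        for key in [k for k in self.pat if k[0] == inside_ip]:
            del self.pat[key]
```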
6.7 Describe IPv6 NAT
IPv6 has a vastly larger address space than the nearly exhausted IPv4 address space. IPv4 has been extended by techniques including NAT, which allows ranges of private addresses to be represented by a single public address, and by temporary address assignment. A variety of techniques offer transition mechanisms for legacy IPv4 hosts to maintain connectivity to the internet. IPv6 NAT offers address translation between IPv4- and IPv6-addressed network devices, and additionally between IPv6 hosts. NAT between IPv6 hosts is done in much the same way, and for similar purposes, as IPv4 NAT. IPv6 NAT provides three NAT types: source NAT, static NAT and destination NAT.
Source NAT translates the source IP address of a packet leaving the network device; it is used to allow hosts with private IP addresses to access the public network. Destination NAT translates the destination IP address of a packet entering the network device; it is used to redirect traffic destined for a virtual host to a real host. Static NAT defines a one-to-one mapping from one IP subnet to another. This mapping includes destination IP address translation in one direction and source IP address translation in the reverse direction. From the NAT device's point of view, the original destination address is the virtual host's IP address and the mapped-to address is the real host's IP address.
NAT64 is a mechanism that allows IPv6 hosts to communicate with IPv4 servers. A NAT64 server is an endpoint for at least one IPv4 address and a 32-bit IPv6 network segment (a /96 prefix). The IPv6 client embeds the IPv4 address it wants to reach in those 32 bits and sends its packets to the resulting address. The NAT64 server creates a NAT mapping between the IPv6 and IPv4 addresses, allowing the two to communicate.
Dual stack is a transition technology in which IPv4 and IPv6 operate in tandem over dedicated or shared links. In a dual-stack network, both IPv4 and IPv6 are fully deployed across the infrastructure, so the routing protocols and configuration handle both IPv4 and IPv6 adjacencies and addressing.
NAT64 supports most viable translation scenarios and is therefore becoming the sought-after translation technology. Address family translation (AFT) using NAT can be done either statefully or statelessly. Using the tunneling option, an organization can build an overlay network that tunnels one protocol through the other by encapsulating IPv6 packets within IPv4 packets, or IPv4 packets within IPv6 packets.
The figure above summarizes the steps needed for NAT64 translation on a Cisco ASR 1000 series router running stateful NAT64, where a greenfield IPv6-only network access service is provided alongside the existing IPv4 network and internet.
Stateless NAT64 is defined in RFC 6145. It is a translation mechanism for algorithmically mapping IPv6 addresses to IPv4 addresses and IPv4 addresses to IPv6 addresses. Like NAT44, it keeps no bindings or session state while performing translation, and it supports both IPv4-initiated and IPv6-initiated communication.
Applications without a corresponding application-layer gateway do not work properly through a stateless NAT64 translator. Multicast is not supported. Translation of IPv4 options, hop-by-hop extension headers, IPv6 routing headers, source routing headers and destination option headers is not supported. IPv6 packets with a zero UDP checksum are not translated, and fragmented IPv4 UDP packets that do not contain a UDP checksum are not translated either.
Stateful NAT64 is a stateful translation mechanism for translating IPv6 addresses to IPv4 addresses and IPv4 addresses to IPv6 addresses. Unlike the stateless variant, it is called stateful because it creates or modifies bindings or session state while performing translation. It supports both IPv4-initiated and IPv6-initiated communication using manual or static mappings.
NPTv6 (network prefix translation for IPv6) can be implemented in an IPv6 router to map one IPv6 address prefix to another as each IPv6 datagram transits the router; a router that implements the NPTv6 translation function is called an NPTv6 translator. Because NPTv6 modifies IP headers in transit, it is incompatible with security mechanisms, such as the IPsec Authentication Header, that provide integrity protection for the IP header. NPTv6 can also interfere with application protocols that carry IP addresses in the application-specific portion of the datagram. The default NPTv6 address mapping is purely algorithmic, so NPTv6 translators need not maintain per-connection or per-node state, permitting deployment of more robust and adaptive networks than can be built with NAPT44.
An NPTv6 translator interconnects two network links: an internal network link attached to a leaf network within a single administrative domain, and an external link with connectivity to the global internet. All hosts on the internal network use addresses from a single, locally routed prefix, and those addresses are translated to addresses in a globally routable prefix as IP datagrams transit the NPTv6 translator. When the translator forwards datagrams in the outbound direction, from the internal network to the external network, it overwrites the IPv6 source prefix with the associated external prefix. NPTv6 can also be used between two private networks; in that case both networks use ULA prefixes, with each subnet in one network mapped to an associated subnet in the other and vice versa. An NPTv6 translation function is configured with:
1. One or more external interfaces with their external routing domain prefixes
2. One or more internal interfaces with their internal routing domain prefixes.
NPTv6 is intended as a lightweight, stateless NAT solution that translates only the network prefix and not the full IPv6 address. It is a one-to-one translation that needs no state on the routers and preserves end-to-end reachability at the network layer.
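The algorithmic, checksum-neutral prefix mapping that lets an NPTv6 translator work without per-connection state is defined in RFC 6296. The following added Python implementation (not the page's own material) translates an address between two equal-length prefixes in either direction and shows why a naive prefix rewrite would break transport checksums; the prefixes and addresses in it are constructed documentation values.

```python
import ipaddress


def _words(addr):
    """Split a 16-byte IPv6 address into eight 16-bit words."""
    p = ipaddress.IPv6Address(addr).packed
    return [(p[i] << 8) | p[i + 1] for i in range(0, 16, 2)]


def _csum16(words):
    """One's complement sum of 16-bit words (end-around carry), 0..0xFFFF."""
    s = sum(words)
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return s


def nptv6(addr, from_prefix, to_prefix):
    """Rewrite addr from one prefix to the other so that the one's complement sum
    over the address, and therefore every TCP/UDP/ICMPv6 checksum, is unchanged
    (the RFC 6296 algorithm). Swap the prefixes for the reverse direction; the
    mapping is purely algorithmic, so the translator keeps no state."""
    src, dst = ipaddress.IPv6Network(from_prefix), ipaddress.IPv6Network(to_prefix)
    a = ipaddress.IPv6Address(addr)
    if src.prefixlen != dst.prefixlen or src.prefixlen > 64:
        raise ValueError("prefixes must have the same length, at most /64")
    if a not in src:
        raise ValueError(f"{a} is not in {src}")
    # adjustment = sum(from_prefix) - sum(to_prefix) in one's complement arithmetic
    adj = _csum16([_csum16(_words(src.network_address)),
                   (~_csum16(_words(dst.network_address))) & 0xFFFF])
    mask = int(src.netmask)
    w = _words(ipaddress.IPv6Address((int(a) & ~mask) | int(dst.network_address)))
    if src.prefixlen <= 48:
        idx = 3                          # subnet field (bits 48-63) absorbs the change
    else:
        idx = next(i for i in range(4, 8) if w[i] != 0xFFFF)   # first usable IID word
    if w[idx] == 0xFFFF:                 # 0xFFFF and 0x0000 coincide in one's complement
        raise ValueError("subnet 0xFFFF cannot be mapped reversibly")
    s = w[idx] + adj
    w[idx] = (s & 0xFFFF) + (s >> 16)    # add with end-around carry
    if w[idx] == 0xFFFF:
        w[idx] = 0                       # same value in one's complement, canonical form
    return ipaddress.IPv6Address(b"".join(x.to_bytes(2, "big") for x in w))


def checksum_neutral(a, b):
    """True when a and b contribute identically to transport-layer checksums."""
    return _csum16(_words(a)) == _csum16(_words(b))
```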
Network address translation is a way to map an entire network to a single IP address. NAT is essential when the number of IP addresses assigned to you by the ISP is smaller than the number of computers you want to give internet access. NAT64 can also offer IPv4 address preservation through PAT. The IPv4 NAT and IPv6 NAT material in this section shows how to configure and verify these mechanisms.