ipv6 nat inside source list

Use this command to enable dynamic translation of inside (local) source IPv6 addresses based upon an ACL.

Syntax

ipv6 nat inside source list access-list pool pool-name [interface interface-name] [inside-vrf vrf-name] [fullcone acl | restricted-cone acl | port-restricted-cone acl]
no ipv6 nat inside source list access-list pool pool-name [interface interface-name] [inside-vrf vrf-name] [fullcone acl | restricted-cone acl | port-restricted-cone acl]

Parameters

access-list Specifies an access-list of IPv6 addresses to translate for this inside source address.
pool pool-name Specifies a pool of IPv6 addresses to translate for this outside address. The name can be up to 63 characters in length.
interface interface-name (Optional) Specifies the outside interface string to which a translation is applied.
inside-vrf vrf-name (Optional) Specifies the name of the inside VRF to which the IP address(es) specified in the access-list belong.
fullcone acl (Optional) Specifies an access list that identifies protocols and ports to process as fullcone NAT.
restricted-cone acl (Optional) Specifies an access list that identifies protocols and ports to process as restricted cone NAT.
port-restricted-cone acl (Optional) Specifies an access list that identifies protocols and ports to process as port restricted cone NAT.

Defaults

If interface interface-name is not specified, translation is enabled on all supported interfaces.

If inside-vrf vrf-name is not specified, an inside VRF is not associated with this translation.

If an access list for fullcone, restricted-cone, or port-restricted-cone NAT is not specified, or the packet does not match a cone access list entry, a cone NAT binding is not applied to the packet.

Mode

Configuration command, Global configuration.

Usage

Packets from addresses that match those on the specified access list are translated using global addresses allocated from the named pool. You create the pool using ipv6 nat pool.

The overload option for enabling NAPT translation is not supported for NAT IPv6.

The optional interface parameter ensures that the translation only applies to packets being transmitted out the specified interface.

If the specified access list contains IP addresses that belong to another local VRF, that VRF must be specified using the inside-vrf option.

If a full, restricted, or port restricted cone NAT access list is specified, and the IPv6 packet protocol and port match an access list entry, a cone NAT binding for the cone type is applied to the packet. See Network Address Translation (NAT) Configuration in the S-, K-, and 7100 Series Configuration Guide for a detailed cone NAT feature discussion.

The “no” form of the command disables dynamic translation of inside source addresses for the specified NAT pool.

Examples

This example enables dynamic translation of packets sourced from inside IP addresses that match the contents of access list acl1, using outside IP addresses taken from pool doc1, on outside interface VLAN 5:

System(rw-config)->ipv6 nat inside source list acl1 pool doc1 interface vlan 5

This example enables dynamic translation, on VRF vrf2, of inside addresses that match access list acl2 on inside VRF vrf1 with outside IP addresses matching pool doc1:

System(rw-vrf2-config)->ipv6 nat inside source list acl2 pool doc1 inside-vrf vrf1

This example applies a full cone NAT binding, mapping the IPv6 source IP address and port to a global IP address and port selected from the NAT doc1 pool for either:

  • Packets on an inside interface destined for any IPv6 address on an outside interface that match the address of an access list acl1 entry and match the protocol and port specified in an fc_acl1 entry
  • or, any outside traffic destined to the binding's doc1 selected global IP address and port to be mapped to the original client IP address and port
    System(rw-config)->ipv6 nat inside source list acl1 pool doc1 fullcone fc_acl1
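
When reviewing a saved configuration, the defaults above are the points worth checking: a rule with no interface applies on all supported interfaces, and a fullcone rule lets any outside traffic reach the binding. The following is an added example, not part of the vendor documentation: a small Python audit of these command lines, where the function names `parse_rule` and `audit` are hypothetical and the interface name is assumed to run up to the next keyword (as in "vlan 5").

```python
import re

# Keywords come from the syntax line on this page. "overload" is listed only so it
# can be flagged: the Usage section says it is not supported for NAT IPv6.
CONE_TYPES = ("fullcone", "restricted-cone", "port-restricted-cone")
KEYWORDS = {"pool", "interface", "inside-vrf", "overload", *CONE_TYPES}
PREFIX = re.compile(r"^(?:\S+->)?\s*(no\s+)?ipv6\s+nat\s+inside\s+source\s+list\s+(.*)$")

def parse_rule(line):
    """Parse one command line (CLI prompt optional) into a dict, or return None."""
    m = PREFIX.match(line.strip())
    if not m:
        return None
    tokens = m.group(2).split()
    rule = {"negated": bool(m.group(1)), "acl": tokens.pop(0), "pool": None,
            "interface": None, "inside_vrf": None, "cone": {}, "other": []}
    while tokens:
        kw = tokens.pop(0)
        if kw == "interface":  # assumption: the name runs to the next keyword
            name = []
            while tokens and tokens[0] not in KEYWORDS:
                name.append(tokens.pop(0))
            rule["interface"] = " ".join(name) or None
        elif kw in ("pool", "inside-vrf") and tokens:
            rule[kw.replace("-", "_")] = tokens.pop(0)
        elif kw in CONE_TYPES and tokens:
            rule["cone"][kw] = tokens.pop(0)
        else:
            rule["other"].append(kw)
    return rule

def audit(line):
    """Return findings for one line, each grounded in the Defaults/Usage text."""
    rule = parse_rule(line)
    if rule is None or rule["negated"]:
        return []
    checks = [
        (not rule["pool"], "no pool: the syntax requires a pool name"),
        (not rule["interface"], "no interface: applies on all supported interfaces"),
        ("fullcone" in rule["cone"], "fullcone: any outside traffic to the binding reaches the client"),
        ("overload" in rule["other"], "overload: not supported for NAT IPv6"),
    ]
    return [msg for hit, msg in checks if hit]

if __name__ == "__main__":
    # Constructed sample: the third example from this page, without the prompt.
    for finding in audit("ipv6 nat inside source list acl1 pool doc1 fullcone fc_acl1"):
        print(finding)
```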