Print this pagePrint this page

Email this topicEmail this topic

View PDFView PDF

Download EPUBDownload EPUB

ipv6 nat inside source static (NAT)

Use this command to enable static NAT translation of inside source IPv6 addresses.

Syntax

ipv6 nat inside source static local-ipv6/prefix-length global-ipv6/prefix-length [inside-vrf vrf-name] [fullcone acl | restricted-cone acl | port-restricted-cone acl]
no ipv6 nat inside source static local-ipv6/prefix-length global-ipv6/prefix-length [inside-vrf vrf-name] [fullcone acl | restricted-cone acl | port-restricted-cone acl]

Parameters

local-ip/prefix-length Specifies the private (local) address to be associated with a public (global) address for this translation. The prefix-length can not be greater than 112.
global-ip/prefix-length Specifies the public (global) address to be associated with a private (local) address for this translation. The prefix-length can not be greater than 112.
inside-vrf vrf-name (Optional) Specifies the name of the VRF to which the local IP address belongs.
fullcone acl (Optional) Specifies an access list that identifies protocols and ports to process as fullcone NAT.
restricted-cone acl (Optional) Specifies an access list that identifies protocols and ports to process as restricted cone NAT.
port-restricted-cone acl (Optional) Specifies an access list that identifies protocols and ports to process as port restricted cone NAT.

Defaults

If inside-vrf vrf-name is not specified, an inside VRF is not associated with this translation.

If an access list for fullcone, restricted-cone, or port-restricted-cone NAT is not specified, or the packet does not match a cone access list entry, a cone NAT binding is not applied to the packet.

Mode

Configuration command, Global configuration.

Usage

If a full, restricted, or port restricted cone NAT access list is specified, and the IPv6 packet protocol and port matches an access list entry, a cone NAT binding for the cone type is applied to the packet. See Network Address Translation (NAT) Configuration in the S-, K-, and 7100 Series Configuration Guide for a detailed cone NAT feature discussion.

The “no” form of the command deletes the specified static NAT translation.

Examples

This example enables a static NAT translation of inside source addresses for private local addresses 2001:abcd:ef01::0/64 destined for and transmitting from unique public addresses 2001:fdea:4321::0/64:

System(rw-config)->ipv6 nat inside source static 2001:abcd:ef01::0/64 2001:fdea:4321::0/64

This example enables a static NAT translation, on VRF vrf2, of inside source addresses for private local address 2001:abcd:ef01::0/64 destined for and transmitting from unique public addresses 2001:fdea:4321::0/64, specifying that the local addresses belong to VRF vrf1:

System(rw-vrf2-config)->no ipv6 nat inside source static 2001:abcd:ef01::0/64 2001:fdea:4321::0/64 inside-vrf vrf1

This example applies a full cone NAT binding, mapping the IPv6 source IP addresses 2001:abcd:ef01::0/64 to the global IP address 2001:fdea:4321::0/64 for either:

  • Packets on the inside interface destined for any IPv6 address on an outside interface that match the protocol and port specified in an fc_acl1 entry
  • or, any outside traffic destined to the binding‘s 2001:fdea:4321::0/64 global IP address to be mapped to the 2001:abcd:ef01::0/64 inside address
    System(rw-config)->ipv6 nat inside source static 2001:abcd:ef01::0/64 2001:fdea:4321::0/64 fullcone fc_acl1
Published May 2016prev | next

Email this topicEmail this topic

Print this pagePrint this page