Quick Series 23 – IPV4 to IPV6 NAT
Oct 03
jncie-security jncip, jncis, nat64, srx double nat No Comments
Hi,
Previous post covered Ipv6-to-Ipv6 NAT. This post is aimed at IPV4-Island to IPV6-island.
Topology
Requirement is very simple, R2 has an Ipv4 address and it needs to reach Ipv6 address. We instruct SRX firewall to perform NAT from Ipv4 to Ipv6 for both source and Destination Address in this case, a Classic Double-Nat if I have to Say.
R2 tries to reach to end server of Ipv6 (2001:9:9:12::2), since it is ipv6, R2 is given an Ipv4 destination address of 9.9.12.3 in this case, an arbitrary address from the subnet pool. Similarly, SRX receives Ipv4 request, but it needs to forward it to IPV6, hence it uses an address of 2001:9:9:12::3 as it source
A quick look at policy and zones
Destination Nat – First in the flow processing
Source-Nat
Nat Translation Hits
A Look at security-flow session output
Regards
Rakesh M