Hi,

Previous post covered Ipv6-to-Ipv6 NAT. This post is aimed at IPV4-Island to IPV6-island.

Topology

Topology

Requirement is very simple, R2 has an Ipv4 address and it needs to reach Ipv6 address. We instruct SRX firewall to perform NAT from Ipv4 to Ipv6 for both source and Destination Address in this case, a Classic Double-Nat if I have to Say.

R2 tries to reach to end server of Ipv6 (2001:9:9:12::2), since it is ipv6, R2 is given an Ipv4 destination address of 9.9.12.3 in this case, an arbitrary address from the subnet pool. Similarly, SRX receives Ipv4 request, but it needs to forward it to IPV6, hence it uses an address of 2001:9:9:12::3 as it source

A quick look at policy and zones

securityzones_1

Destination Nat – First in the flow processing

destination_nat2

Source-Nat

source-nat_3

Nat Translation Hits

nat_translations_4

A Look at security-flow session output

output_5

Regards

Rakesh M

Advertisements