From: Valentin on 2 Feb 2010 15:47

Hi,

short intro:
------------
we have got a Cisco 836. Unfortunately, we can't use the ADSL feature, because our ISP 'only' provides ADSL2+ and the C836 is not capable of ADSL2+. Nevertheless, with IOS 12.4 there comes an Ethernet 2 interface which can be used for PPPoE with dynamic IPv4 address. This works perfectly ;-)

challenge:
----------
Our current challenge is to establish our IPv6 6in4 tunnel to SixXS.net via aiccu which should be located on an openwrt router one hop 'behind' the Cisco router.

cf. https://www.sixxs.net/faq/connectivity/?faq=comparison (6in4-heartbeat)

cf. footnote 1: "Unless the machine performing the NAT function is configured to forward protocol 41 to the actual endpoint or when the NAT supports proto-41 because it keeps state for outbound proto-41 packets and relies on that information."

The 6in4-heartbeat tunnel uses IP protocol-41 and therefore has a very short tunnel overhead. (compared to AYIYA)

question:
---------
how to direct the proto-41 traffic to my openwrt router via NAT?

I have read many docs on cisco.com but didn't find any hint for "NATing" a specific protocol only.

Any help, comments etc. are highly appreciated,

Thanks in advance,
Valentin

keywords: Cisco, IOS, IPv6, OpenWRT, aiccu, sixXS.net, proto-41, AYIYA
From: bod43 on 3 Feb 2010 15:06

On 2 Feb, 20:47, Valentin <mymete...(a)gmx.net> wrote:
> Hi,
>
> short intro:
> ------------
> we have got a Cisco 836. Unfortunately, we can't
> use the ADSL feature, because our ISP 'only' provides
> ADSL2+ and the C836 is not capable of ADSL2+.
> Nevertheless, with IOS 12.4 there comes an Ethernet 2
> interface which can be used for PPPoE with dynamic IPv4 address.
> This works perfectly ;-)
>
> challenge:
> ----------
> Our current challenge is to establish our IPv6 6in4 tunnel to SixXS.net
> via aiccu which should be located on an openwrt router one hop 'behind'
> the Cisco router.
>
> cf. https://www.sixxs.net/faq/connectivity/?faq=comparison (6in4-heartbeat)
>
> cf. footnote 1: "Unless the machine performing the NAT function is
> configured to forward protocol 41 to the actual endpoint or when the NAT
> supports proto-41 because it keeps state for outbound proto-41 packets
> and relies on that information."
>
> The 6in4-heartbeat tunnel uses IP protocol-41 and therefore has a very
> short tunnel overhead. (compared to AYIYA)
>
> question:
> ---------
> how to direct the proto-41 traffic to my openwrt router via NAT?
>
> I have read many docs on cisco.com but didn't find any hint for "NATing"
> a specific protocol only.
>
> Any help, comments etc is highly appreciated,

I would imagine that a static nat with route-map should work.

Something like -

ip nat inside source static 1.2.3.4 2.3.4.5 route-map RM.v6tunnel

route-map RM.v6tunnel
 match ip address ACL.RM.v6tunnel

ip access-list extended ACL.RM.v6tunnel
 permit 41 host 1.2.3.4 host 2.3.4.5

I believe that this will NAT only the protocol 41 traffic.
From: Valentin on 12 Feb 2010 10:08

bod43 wrote:
> On 2 Feb, 20:47, Valentin <mymete...(a)gmx.net> wrote:
> ...
> I would imagine that a static nat with route-map should
> work.
>
> Something like -
>
> ip nat inside source static 1.2.3.4 2.3.4.5 route-map RM.v6tunnel
>
> route-map RM.v6tunnel
>  match ip address ACL.RM.v6tunnel
>
> ip access-list extended ACL.RM.v6tunnel
>  permit 41 host 1.2.3.4 host 2.3.4.5
>
> I believe that this will NAT only the protocol 41 traffic.

Thanks!!

Indeed, the three commands:

ip nat inside source static 192.168.201.2 <PUBLIC IP> route-map RM.v6tunnel
route-map RM.v6tunnel
 match ip address ACL.RM.v6tunnel
ip access-list extended ACL.RM.v6tunnel
 permit 41 host 192.168.201.2 host <PUBLIC IP>

do the job for a static PUBLIC IP. Unfortunately, we have got a dynamic PUBLIC IP by our ADSL-ISP.

Therefore, I have tried

ip nat inside source static 192.168.201.2 interface Dialer1

(Dialer1 is the interface which performs PPPoE)
But with this command *any* traffic is directed to our interior router. There is no possibility to bound this rule by a route-map ;-(

Perhaps,

ip nat inside source route-map

does the job? I tried it, but it didn't work :-|

Any help/hints are welcome,

thanks,
Valentin
From: bod43 on 12 Feb 2010 18:07

On 12 Feb, 15:08, Valentin <mymete...(a)gmx.net> wrote:
> bod43 wrote:
> > On 2 Feb, 20:47, Valentin <mymete...(a)gmx.net> wrote:
> > ...
> > I would imagine that a static nat with route-map should
> > work.
>
> > Something like -
>
> > ip nat inside source static 1.2.3.4 2.3.4.5 route-map RM.v6tunnel
>
> > route-map RM.v6tunnel
> >  match ip address ACL.RM.v6tunnel
>
> > ip access-list extended ACL.RM.v6tunnel
> >  permit 41 host 1.2.3.4 host 2.3.4.5
>
> > I believe that this will NAT only the protocol 41 traffic.
>
> Thanks!!
>
> Indeed, the three commands:
> ip nat inside source static 192.168.201.2 <PUBLIC IP> route-map RM.v6tunnel
> route-map RM.v6tunnel
>  match ip address ACL.RM.v6tunnel
> ip access-list extended ACL.RM.v6tunnel
>  permit 41 host 192.168.201.2 host <PUBLIC IP>
>
> do the job for a static PUBLIC IP. Unfortunately, we have
> got a dynamic PUBLIC IP by our ADSL-ISP.
>
> Therefore, I have tried
> ip nat inside source static 192.168.201.2 interface Dialer1
> (Dialer1 is the interface which performs PPPoE)
> But with this command *any* traffic is directed to our interior router.
> There is no possibility to bound this rule by a route-map ;-(

I have the idea that I have seen a fix for the fancy nat with dynamic IP problem on this group but I could be mistaken. I might have a look:)

I would think you could resolve it with the new event manager stuff but it might be a bit tough to figure out how to do it.

The idea would be that you run an event when the dialer comes up which changes the config to match the address. No idea if it is even possible.

An example:-

event manager applet CLIaccounting
 event cli pattern ".*" sync no skip no
 action 1.0 syslog priority informational msg "$_cli_msg"
 set 2.0 _exit_status 1

This logs all commands used to the log.

Maybe you can watch the log for specific messages to detect the dialer coming up.

There was a large event manager example posted here the other day.

Random links.
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6555/ps6815/config_guide_eem_configuration_for_cisco_integrated_services_router_platforms..html
Embedded Event Manager
EEM Tool Command Language (TCL)

http://cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a008041231a.html
Writing Embedded Event Manager Policies

http://cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a008041231a.html%23wp1049672
Writing EEM Policies Using TCL

www.cisco.com/go/ioscommercial

############
Another example

event manager environment mybackuploc tftp://192.168.200.11/
event manager environment myfilename cr-u1-cfgbkp
event manager environment myfilenameext .txt
event manager environment dash -
event manager applet bkp_when_changed trap
 event cli pattern "wr" sync no skip no
 action 1.0 cli command "enable"
 action 2.0 cli command "config t"
 action 3.0 cli command "file prompt quiet"
 action 4.0 cli command "end"
 action 5.0 cli command "copy running $mybackuploc$myfilename$myfilenameext"
 action 6.0 cli command "config t"
 action 7.0 cli command "no file prompt quiet"
 action 8.0 cli command "end"
From: Valentin on 18 Feb 2010 14:17

bod43 wrote:
> On 12 Feb, 15:08, Valentin <mymete...(a)gmx.net> wrote:
>> bod43 wrote:
>>> On 2 Feb, 20:47, Valentin <mymete...(a)gmx.net> wrote:
>>> ...
>>> I would imagine that a static nat with route-map should
>>> work.
>>> Something like -
>>> ip nat inside source static 1.2.3.4 2.3.4.5 route-map RM.v6tunnel
>>> route-map RM.v6tunnel
>>>  match ip address ACL.RM.v6tunnel
>>> ip access-list extended ACL.RM.v6tunnel
>>>  permit 41 host 1.2.3.4 host 2.3.4.5
>>> I believe that this will NAT only the protocol 41 traffic.
>> Thanks!!
>>
>> Indeed, the three commands:
>> ip nat inside source static 192.168.201.2 <PUBLIC IP> route-map RM.v6tunnel
>> route-map RM.v6tunnel
>>  match ip address ACL.RM.v6tunnel
>> ip access-list extended ACL.RM.v6tunnel
>>  permit 41 host 192.168.201.2 host <PUBLIC IP>
>>
>> do the job for a static PUBLIC IP. Unfortunately, we have
>> got a dynamic PUBLIC IP by our ADSL-ISP.
>>
>> Therefore, I have tried
>> ip nat inside source static 192.168.201.2 interface Dialer1
>> (Dialer1 is the interface which performs PPPoE)
>> But with this command *any* traffic is directed to our interior router.
>> There is no possibility to bound this rule by a route-map ;-(
>
> I have the idea that I have seen a fix for the fancy nat with
> dynamic IP problem on this group but I could be
> mistaken. I might have a look:)
>
> I would think you could resolve it with the new
> event manager stuff but it might be a bit tough to
> figure out how to do it.
>
> The idea would be that you run an event when the
> dialer comes up which changes the config to match the
> address. No idea if it is even possible.
>
> An example:-
> event manager applet CLIaccounting
>  event cli pattern ".*" sync no skip no
>  action 1.0 syslog priority informational msg "$_cli_msg"
>  set 2.0 _exit_status 1
>
> This logs all commands used to the log.
>
> Maybe you can watch the log for specific messages
> to detect the dialer coming up.
>
> There was a large event manager example posted
> here the other day.
>
> Random links.
> http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6555/ps6815/config_guide_eem_configuration_for_cisco_integrated_services_router_platforms.html
> Embedded Event Manager
> EEM Tool Command Language (TCL)
>
> http://cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a008041231a.html
> Writing Embedded Event Manager Policies
>
> http://cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a008041231a.html%23wp1049672
> Writing EEM Policies Using TCL
>
> www.cisco.com/go/ioscommercial
>
> ############
> Another example
>
> event manager environment mybackuploc tftp://192.168.200.11/
> event manager environment myfilename cr-u1-cfgbkp
> event manager environment myfilenameext .txt
> event manager environment dash -
> event manager applet bkp_when_changed trap
>  event cli pattern "wr" sync no skip no
>  action 1.0 cli command "enable"
>  action 2.0 cli command "config t"
>  action 3.0 cli command "file prompt quiet"
>  action 4.0 cli command "end"
>  action 5.0 cli command "copy running $mybackuploc$myfilename$myfilenameext"
>  action 6.0 cli command "config t"
>  action 7.0 cli command "no file prompt quiet"
>  action 8.0 cli command "end"
>

The event manager stuff reads very interesting. I think it would be very challenging to solve that kind of question with this technique. Unfortunately, I have

Cisco IOS Software, C836 Software (C836-K9O3S8Y6-M), Version 12.4(25b), RELEASE SOFTWARE (fc1).

In that IOS the event manager stuff is not included ;-( I have looked with the cisco feature navigator for an IOS for my C836 with the event manager stuff included, but without success.

The second research for the "fix for the fancy nat with dynamic IP" in this group wasn't successful, either.

I was wondering that some of the deep links to cisco.com you posted are not working?
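
For the dynamic-address case the thread leaves open on an IOS image without Embedded Event Manager, one option is to regenerate the three protocol-41 commands on a management host whenever the public address changes, so that only protocol 41 is forwarded rather than all traffic as with the `interface Dialer1` form. The script below is an added example, not code from any poster: the function names, how the new address is learned and how the output reaches the router are all assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. RM.v6tunnel and ACL.RM.v6tunnel are the
# thread's names; the function names and calling convention are assumptions.

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255, so nothing
# but an address can end up inside a generated configuration line.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _ifs=$IFS; IFS=.
    set -- $1
    IFS=$_ifs
    [ "$#" -eq 4 ] || return 1
    for _octet in "$@"; do
        [ "${#_octet}" -le 3 ] || return 1
        [ "$_octet" -le 255 ] || return 1
    done
}

# render_nat_update INSIDE OLD_PUBLIC NEW_PUBLIC
# OLD_PUBLIC may be empty (first run). Prints IOS commands on stdout, prints
# nothing if the address is unchanged, returns 2 on an invalid address.
render_nat_update() {
    _in=$1; _old=$2; _new=$3
    is_ipv4 "$_in" || return 2
    is_ipv4 "$_new" || return 2
    if [ -n "$_old" ]; then is_ipv4 "$_old" || return 2; fi
    if [ "$_old" = "$_new" ]; then return 0; fi
    echo "configure terminal"
    if [ -n "$_old" ]; then
        # Withdraw the rule tied to the previous address before adding the new one.
        echo "no ip nat inside source static $_in $_old route-map RM.v6tunnel"
        echo "no ip access-list extended ACL.RM.v6tunnel"
    fi
    echo "ip access-list extended ACL.RM.v6tunnel"
    echo " permit 41 host $_in host $_new"   # protocol 41 only, as in the thread
    echo "route-map RM.v6tunnel permit 10"
    echo " match ip address ACL.RM.v6tunnel"
    echo "ip nat inside source static $_in $_new route-map RM.v6tunnel"
    echo "end"
}

# Stand-alone use: sh script.sh INSIDE OLD_PUBLIC NEW_PUBLIC
if [ "$#" -eq 3 ]; then
    render_nat_update "$@"
fi
```

IOS can refuse to remove a static NAT entry that still has active translations, so those may need clearing before the generated commands are applied.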