Cisco NAT64 Static Configuration

This topic is to discuss the following lesson:

5 stars!!!

awesome lesson!!!

Hi Rene,

I’m trying to configure NAT64 but apparently the IOS I’m using does not recognize these commands. Just to confirm, is it because of the IOS version or do I need to enable anything?

The IOS I’m using is: BOOTLDR: 7200 Software (C7200-ADVIPSERVICESK9-M), Version 15.1(4)M5,

It’s probably the IOS version and/or platform.

Hi Rene, correction:

R2(config)#interface GigabitEthernet 2

Your diagram shows FastEthernet interfaces but in the configuration you are saying GigabitEthernet.

There is very limited support for NAT64 on Cisco devices. As far as I can tell it is limited to Cisco IOS XE Release 3.5S or better.
So you certainly can’t run this on GNS3.

I think that NAT64 is not actually very useful outside of a LAB. In practice you need DNS entries for both the real and mapped addresses which is more of a pain than running dual stack.

Stuart.

1 Like

Hello Aujla3

You are correct! I will let Rene know.

Thanks!

Laz

Hello Stuart

For the most part you are correct that NAT64 has a limited usage in real world applications. However, there are cases where it is necessary. Also, it is supported by Cisco IOS-XE 15.1(3)S4 as well as Cisco ASA 9.1 and later.

Running two protocols in parallel always requires more management overhead, and if it can be avoided at all, it is good to do so. Unfortunately, it’s not always possible.

I hope this has been helpful!

Laz

2 Likes

“Now we can configure the actual translation rules. We will use a fake IPv4 address that R1 can use as its destination and a fake IPv6 address that R3 can use as its destination.”

Does this fake IPv4 address have to be pingable or on the same subnet? Also I’ve configured the NAT64 prefix to a custom prefix; however the translator is only activating if I use 64:ff9b::8.8.8.8. I’m using a CSR1000v as my NAT64 translator and I’m getting translations; however I’m not getting any return traffic. I’m using an HTTP proxy to access the Internet. All in a vCenter environment.

Hi @mrdecisive,

It shouldn’t be pingable, it’s an address that is not in use and probably be on the same subnet. You also have to use the 64:ff9b::/96 prefix.

Rene

1 Like
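The address 64:ff9b::8.8.8.8 quoted above is an IPv4 address embedded in the NAT64 well-known prefix, using the layout defined in RFC 6052. The following is an added example, not part of the thread or the lesson: it encodes and decodes such addresses, and goes beyond the /96 case to the other prefix lengths RFC 6052 allows, which helps when mapping IPv6 addresses seen in logs back to the IPv4 host behind a translator. The function names are hypothetical.

```python
import ipaddress

# Prefix lengths permitted by RFC 6052 section 2.2.
ALLOWED_LENGTHS = (32, 40, 48, 56, 64, 96)
WELL_KNOWN_PREFIX = "64:ff9b::/96"


def _v4_offsets(prefixlen):
    """Byte positions of the embedded IPv4 address for a given prefix length."""
    if prefixlen not in ALLOWED_LENGTHS:
        raise ValueError("prefix length must be one of %r" % (ALLOWED_LENGTHS,))
    # The IPv4 bytes follow the prefix but skip byte 8 (bits 64-71, reserved).
    return [i for i in range(prefixlen // 8, 16) if i != 8][:4]


def embed(prefix, ipv4):
    """IPv6 address that represents `ipv4` under the translator prefix."""
    net = ipaddress.IPv6Network(prefix)
    offsets = _v4_offsets(net.prefixlen)
    out = bytearray(net.network_address.packed)
    if out[8] != 0:
        raise ValueError("bits 64-71 of the prefix must be zero")
    for pos, byte in zip(offsets, ipaddress.IPv4Address(ipv4).packed):
        out[pos] = byte
    return ipaddress.IPv6Address(bytes(out))


def extract(prefix, ipv6):
    """IPv4 address embedded in `ipv6`, or None if it is outside `prefix`."""
    net = ipaddress.IPv6Network(prefix)
    offsets = _v4_offsets(net.prefixlen)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in net:
        return None
    return ipaddress.IPv4Address(bytes(addr.packed[i] for i in offsets))


if __name__ == "__main__":
    # Constructed sample inputs; the first is the address quoted in the thread.
    for prefix, v6 in [(WELL_KNOWN_PREFIX, "64:ff9b::8.8.8.8"),
                       ("2001:db8:100::/40", "2001:db8:1c0:2:21::"),
                       (WELL_KNOWN_PREFIX, "2001:db8:2323:2323::3")]:
        print(prefix, v6, "->", extract(prefix, v6))
```

An address outside the prefix, such as the statically mapped 2001:db8:2323:2323::3 used in this thread, decodes to `None`: a static mapping is a table entry and carries no embedded IPv4 address.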

Hi Rene,

Will I be able to ping from R1 to 2001:DB8:2323:2323::3 and from R3 to 192.168.12.1?

We have a scenario wherein when the client is in IPv4 it needs to talk to IPv6 server, the original IP address and not the fake IPv4 address and vice versa

Hi Deepak,

You can make it work only by using “fake” addresses like I did here. IPv4 and IPv6 are not compatible so an IPv4 host has no idea what an IPv6 address is and an IPv6 host doesn’t know what an IPv4 address is.

It’s like talking Chinese to an English speaker or vice versa :smile:

Rene

Could you also configure this the other way around?

nat64 v6v4 static 2001:DB8:2323:2323::3 192.168.12.3

Change to:

nat64 v4v6 static 192.168.12.3 2001:DB8:2323:2323::3

Hello Chris

Yes, such a configuration would work, assuming you want to translate the other way around.

I hope this has been helpful

Laz

Hello Laz,
But in that case, the IPv6 address will be the fake one and IPv4 be the real one. Correct?

Hello sales2161

Well, it all depends on your point of view. :stuck_out_tongue:

When we talk about NAT in IPv4, we traditionally talk about “real” and “fake”, public and private, routable and non-routable addresses because we are translating for the purpose of conserving addresses. So there is a meaning to these terms. However, NAT in a more general sense is a translation from one IP address range to another, regardless of whether the addresses are private, public, routable or not. You could translate from 10.10.10.0/24 to 172.16.0.0/24 for example. In such a case, which is fake and which is real? It depends on your point of view.

When we apply this to NAT64, what we are doing is translating between address spaces of two different protocols. Which is real or which is fake depends on the application, on which side of the NAT64 router is facing the Internet and which is not (maybe neither is facing the Internet).

So if we use the conventions of the terminology, then yes, you are correct, the IPv6 address will be fake and the IPv4 will be real. But looking at it in a broader sense, it just becomes a translation in the opposite direction.

I hope this has been helpful!

Laz

1 Like

Which router model are you using to configure NAT64 on the IPv6 interface?
I used a 7200 and a 2691 in GNS3 and I am not able to get this done.

R2(config-if)#int f1/0
R2(config-if)#nat64 enable
               ^
% Invalid input detected at '^' marker.

R2(config-if)#

Hello Laz,
I was able to lab everything up and get this working. I tried a different fake IP address and I see the translation taking place.

Router#show nat64 translations
Proto   Original IPv4           Translated IPv4
        Translated IPv6         Original IPv6
--------------------------------------------------------
---     ---                     ---
        192.168.12.35           2001:DB8:2323:2323::3

Total number of translations: 1

But I am still not clear on what is allowing me to ping a fake IP address that is defined in the statement.

#nat64 v6v4 static 2001:DB8:2323:2323::3 192.168.12.35

Can you clear this up?

Thanks.

1 Like

Hello Cecil

If you’re pinging 192.168.12.35 from R1, then you will get a response due to the NAT64 translation taking place, as described in the lesson itself. If you’re pinging 2001:DB8:2323:2323::3 from R1, you shouldn’t get a response since R1 has no IPv6 routing enabled. Even if it did, it wouldn’t know what to do with such a destination address since no such destination is found within its IPv6 routing table.

I hope this has been helpful!

Laz

1 Like