NAT64/46 Example: Inside IPv6 Network with Outside IPv4 Internet

Following is a straight-forward example where you have an inside IPv6-only network, and you want to convert to IPv4 for traffic sent to the Internet. This example assumes you do not need DNS translation, so you can perform both the NAT64 and NAT46 translations in a single manual NAT rule.

In this example, you translate the inside IPv6 network to IPv4 using dynamic interface PAT with the IP address of the outside interface. Outside IPv4 traffic is statically translated to addresses on the 2001:db8::/96 network, allowing transmission on the inside network.

Procedure

Step 1

Create the network object that defines the inside IPv6 network.

Choose Objects > Object Management.
Select Network from the table of contents and click Add Network > Add Object.
Define the inside IPv6 network.

Name the network object (for example, inside_v6) and enter the network address, 2001:db8::/96.
Click Save.

Step 2

Create the manual NAT rule to translate the IPv6 network to IPv4 and back again.

Select Devices > NAT and create or edit the threat defense NAT policy.
Click Add Rule.
Configure the following properties:
- NAT Rule = Manual NAT Rule.
- Type = Dynamic.
On Interface Objects, configure the following:
- Source Interface Objects = inside.
- Destination Interface Objects = outside.
On Translation, configure the following:
- Original Source = inside_v6 network object.
- Translated Source = Destination Interface IP.
- Original Destination = inside_v6 network object.
- Translated Destination = any-ipv4 network object.
Click OK.

With this rule, any traffic from the 2001:db8::/96 subnet on the inside interface going to the outside interface gets a NAT64 PAT translation using the IPv4 address of the outside interface. Conversely, any IPv4 address on the outside network coming to the inside interface is translated to an address on the 2001:db8::/96 network using the embedded IPv4 address method.
Click Save on the NAT rules page.