NAT66 Example, Static Translation between Networks

You can configure a static translation between IPv6 address pools using auto NAT. The following example explains how to convert inside addresses on the 2001:db8:122:2091::/96 network to outside addresses on the 2001:db8:122:2999::/96 network.

NAT66 static translation network diagram.

Before you begin

Ensure that you have interface objects (security zones or interface groups) that contain the interfaces for the device. In this example, we will assume the interface objects are security zones named inside and outside. To configure interface objects, select Objects > Object Management, then select Interface.

Procedure

Step 1

Create the network objects that define the inside IPv6 and outside IPv6 NAT networks.

Choose Objects > Object Management.
Select Network from the table of contents and click Add Network > Add Object.
Define the inside IPv6 network.

Name the network object (for example, inside_v6) and enter the network address, 2001:db8:122:2091::/96.
Click Save.
Click Add Network > Add Object and define the outside IPv6 NAT network.

Name the network object (for example, outside_nat_v6) and enter the network address 2001:db8:122:2999::/96.
Click Save.

Step 2

Configure the static NAT rule for the inside IPv6 network.

Select Devices > NAT and create or edit the threat defense NAT policy.
Click Add Rule.
Configure the following properties:
- NAT Rule = Auto NAT Rule.
- Type = Static.
On Interface Objects, configure the following:
- Source Interface Objects = inside.
- Destination Interface Objects = outside.
On Translation, configure the following:
- Original Source = inside_v6 network object.
- Translated Source > Address = outside_nat_v6 network object.
Click OK.

With this rule, any traffic from the 2001:db8:122:2091::/96 subnet on the inside interface going to the outside interface gets a static NAT66 translation to an address on the 2001:db8:122:2999::/96 network.