NAT of ip proto-41 to establish IPv6 6in4 tunnel

Hi,

short intro:
------------
we have got a Cisco 836. Unfortunately, we cant
use the ADSL feature, because our ISP 'only' provides
ADSL2+ and the C836 is not capable of ADSL2+.
Nevertheless, with IOS 12.4 there comes an Ethernet 2
interface which can be used for PPPoE with dynamic IPv4 address.
This works perfectly ;-)

challenge:
----------
Our current challenge is to establish our IPv6 6in4 tunnel to SixXS.net
via aiccu which should be located on an openwrt router one hop 'behind'
the Cisco router.

cf. https://www.sixxs.net/faq/connectivity/?faq=comparison (6in4-heartbeat)

cf. footnote 1: "Unless the machine performing the NAT function is
configured to forward protocol 41 to the actual endpoint or when the NAT
supports proto-41 because it keeps state for outbound proto-41 packets
and relies on that information."

The 6in4-heartbeat tunnel uses IP protocol-41 and therefore has a very
short tunnel overhead. (compared to AYIYA)

question:
---------
how to direct the proto-41 traffic to my openwrt router via NAT?

I have read many docs on cisco.com but didn't find any hint for "NATing"
a specific protocol only.

Any help, comments etc is highly appreciated,

Thanks in advance,

Valentin

keywords: Cisco, IOS, IPv6, OpenWRT, aiccu, sixXS.net, proto-41, AYIYA

 

I would imagine that a static nat with route-map should
work.

Something like -

ip nat inside source static 1.2.3.4 2.3.4.5 route-map RM.v6tunnel

route map RM.v6tunnel
match ip address ACL.RM.v6tunnel

ip access-list extended ACL.RM.v6tunnel
permit 41 host 1.2.3.4 host 2.3.4.5

I believe that this will NAT only the protocol 41 traffic.

 

Thanks!!

Indeed, the three commands:
ip nat inside source static 192.168.201.2 <PUBLIC IP> route-map
RM.v6tunnel
route map RM.v6tunnel
match ip address ACL.RM.v6tunnel
ip access-list extended ACL.RM.v6tunnel
permit 41 host 192.168.201.2 host <PUBLIC IP>

do the job for a static PUBLIC IP. Unfortunately, we have
got a dynamic PUBLIC IP by our ADSL-ISP.

Therefore, I have tried
ip nat inside source static 192.168.201.2 interface Dialer1
(Dialer1 is the interface which performs PPPoE)
But with this command *any* traffic is directed to our interior router.
There is no possiblity to bound this rule by a route-map ;-(

Perhaps,
ip nat inside source route-map
does the job? I tried it, but it didn't work :-|

Any help/hints are welcome, thanks, Valentin

 

I have the idea that I have seen a fix for the fancy nat with
dynamic IP problem on this group but I could be
mistaken. I might have a look

I would think you could resolve it with the new
event manager stuff but it might be a bit tough to
figure out how to do it.

The idea would be that you run an event when the
dialer comes up which changes the config to match the
address. No idea if it is even possible.

An example:-
event manager applet CLIaccounting
event cli pattern ".*" sync no skip no
action 1.0 syslog priority informational msg "$_cli_msg"
set 2.0 _exit_status 1

This logs all commands used to the log.

Maybe you can watch the log for specific messages
to detect the dialer coming up.

There was a large event manager example posted
here the other day.

Random links.
http://www.cisco.com/en/US/prod/col...sco_integrated_services_router_platforms..htm

l
Embedded Event Manager
EEM Tool Command Language (TCL)

http://cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide0918

6a008041231a.html
Writing Embedded Event Manager Policies

http://cisco.com/en/US/products/sw/..._feature_guide09186a008041231a.html#wp1049672
• Writing EEM Policies Using TCL

www.cisco.com/go/ioscommercial

############
Another example

event manager environment mybackuploc tftp://192.168.200.11/
event manager environment myfilename cr-u1-cfgbkp
event manager environment myfilenameext .txt
event manager environment dash -
event manager applet bkp_when_changed trap
event cli pattern "wr" sync no skip no
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "file prompt quiet"
action 4.0 cli command "end"
action 5.0 cli command "copy running
$mybackuploc$myfilename$myfilenameext"
action 6.0 cli command "config t"
action 7.0 cli command "no file prompt quiet"
action 8.0 cli command "end"

 

The event manager stuff reads very interesting. I think
it would be very challenging to solve that kind of question
with this technique. Unfortunately, I have
Cisco IOS Software, C836 Software (C836-K9O3S8Y6-M), Version 12.4(25b),
RELEASE SOFTWARE (fc1). In that IOS the event manager stuff
in not included ;-(
I have looked with the cisco feature navigator for an IOS for my C836
with the event manager stuff included, but without success.

The second research for the "fix for the fancy nat with dynamic IP".
in this group wasn't successfull, either.

I was wondering that some of the deep links to cisco.com you posted are
not working?