NAT Traversal Config Tutorial

  • Upload
    kwag


  • 8/13/2019 NAT Traversal Config Tutorial


    Hexago Gateway6 NAT Traversal Configuration Tutorial

    Hexago, HexOS, TSP, and Migration Broker are trademarks of Hexago Inc. Copyright 2002-2006 Hexago Inc., all rights reserved.

    Overview

    This tutorial shows how to configure a Hexago Gateway6 to automatically offer IPv6 tunnels to hosts behind IPv4 network address and port translators (NATs). In order to traverse the NAT more easily, IPv4 UDP encapsulation of the IPv6 packets is used. This tutorial is part of a series and requires the Gateway6 to be already configured for standard IPv6 in IPv4 tunnel support. See the document "Tunnel Configuration Tutorial" for details.

    Network Setup

    In this setup, interface fast ethernet 0 is configured in IPv4 and fast ethernet 1 with IPv6. The dual-stack host is in an IPv4 only network behind a NAT box and requires IPv6 access (right-side cloud).

    Configuration Objects

    The required configuration objects are similar to standard IPv6 in IPv4 tunnels. The major difference is that the TSP listener must be configured to accept UDP connections and the tunnel server must be able to create IPv6 in UDP IPv4 tunnels.

    [Figure: configuration objects: tunnel server, tunnel broker, tsp, ipv6 pool, aaa model, http]

    Address Pools

    In order to support UDP tunnels, a different pool of addresses is defined. The new pool uses the second leftmost bit of the prefix in order to keep the flexibility for future prefix assignments.

    [Figure: network diagram. Labels: Dual-stack host; IPv6 Network; IPv6 in UDP IPv4; Default gateway 2001:5c0:8c5a:1::101/64; FastEthernet 0 10.6.6.6/24; FastEthernet 1 2001:5c0:8c5a:1::6/64; Default IPv4 gateway 10.6.6.101/24; 10.6.6.0/24; NAT; 192.168.1.0/24]


    Configuration Statement / Description

    ipv6 local pool V6UDPV4-ENDPOINTS 2001:5c0:8c5a:4000::/64 128
        Define pool V6UDPV4-ENDPOINTS as a pool of /128 addresses to be taken from the range 2001:5c0:8c5a:4000::/64.

    TSP listener

    A new TSP listener is defined that listens for UDP connections. The important difference here is the "transport udp 3653" statement. An additional tunnel mode is supported, v6udpv4 for UDP encapsulation. Note that the standard IPv6 in IPv4 encapsulation is still supported by the listener. If a client connects with UDP but is not behind a NAT, it will be automatically assigned an IPv6 in IPv4 tunnel in order to reduce the header overhead during transport.

    Configuration Statement / Description

    tsp TSP-UDP-EXAMPLE
        Define a TSP listener TSP-UDP-EXAMPLE and enter the TSP configuration mode.

    set aaa model AAA-EXAMPLE
        Use the defined AAA-EXAMPLE AAA model for the user AAA policy of this TSP listener. The AAA model information is used by the TSP listener to announce its capabilities to the TSP clients.

    ip address 10.6.6.6
        Define the IPv4 address of this TSP listener. The listener is started on this address. TSP clients must connect to this address to make their tunnel requests. The IPv4 address must be valid and configured on a physical interface of this Migration Broker.

    transport udp 3653
        Define the transport for this TSP listener. The listener will listen on port 3653 (the port assigned to TSP by IANA) for TCP connections.

    tunnel mode v6v4
        Supported IPv6 in IPv4 tunnel encapsulation mode.

    tunnel mode v6udpv4
        Supported IPv6 in UDP IPv4 tunnel encapsulation mode.

    exit
        Exit the TSP configuration mode.

    Tunnel Server configuration

    A tunnel server is defined for UDP tunnels. Note that the range of interfaces is different than previous tunnel servers. The mode and the endpoint pool also changed.

    Configuration Statement / Description

    tunnel server TS-V6UDPV4
        Define a tunnel server TS-V6UDPV4 and enter the Tunnel Server configuration mode.

    interface range 1001 2000
        Define the list of tunnel interfaces used on this tunnel server.

    ip address 10.6.6.6
        Define the IPv4 address of this tunnel server, which will be the tunnel endpoint of tunnels on this tunnel server. The IPv4 address must be valid and configured on a physical interface of this Migration Broker.

    ipv6 pool endpoints V6UDPV4-ENDPOINTS
        Use the defined V6UDPV4-ENDPOINTS pool for tunnel endpoints.

    tunnel mode v6udpv4
        Define the encapsulation mode of the tunnels as being over IPv4 UDP.

    exit
        Exit the Tunnel Server configuration mode.
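The mode selection described in the TSP listener section above, and what it saves in header overhead, as an added Python example that is not Hexago code. It assumes a NAT is inferred when the address the client reports differs from the packet's observed source address; the function names and the client addresses are hypothetical, and the header sizes are the standard IPv4 (20 bytes, no options) and UDP (8 bytes) values.

```python
import ipaddress

IPV4_HEADER = 20  # bytes, IPv4 header without options
UDP_HEADER = 8    # bytes

# Constructed from the TSP-UDP-EXAMPLE statements on this page.
LISTENER = {"transport": "udp", "port": 3653, "modes": ("v6v4", "v6udpv4")}

def behind_nat(claimed_src, observed_src):
    """Assumption: a NAT is inferred when the address the client reports
    differs from the source address the listener sees on the packet."""
    return ipaddress.IPv4Address(claimed_src) != ipaddress.IPv4Address(observed_src)

def select_tunnel_mode(claimed_src, observed_src, listener=LISTENER):
    """Return the encapsulation a listener would assign (hypothetical helper)."""
    modes = listener["modes"]
    if behind_nat(claimed_src, observed_src):
        # Plain IPv6-in-IPv4 (protocol 41) has no ports for a NAPT to map.
        if listener["transport"] != "udp" or "v6udpv4" not in modes:
            raise ValueError("NATed client needs a UDP listener offering v6udpv4")
        return "v6udpv4"
    if "v6v4" in modes:
        return "v6v4"  # no NAT: avoid the extra UDP header
    if listener["transport"] == "udp" and "v6udpv4" in modes:
        return "v6udpv4"
    raise ValueError("listener offers no usable tunnel mode")

def tunnel_mtu(link_mtu, mode):
    """IPv6 MTU left inside the tunnel after encapsulation overhead."""
    overhead = IPV4_HEADER + (UDP_HEADER if mode == "v6udpv4" else 0)
    return link_mtu - overhead

if __name__ == "__main__":
    # Constructed clients: one on 192.168.1.0/24 behind the NAT, one direct.
    for claimed, observed in [("192.168.1.10", "10.6.6.101"),
                              ("10.6.6.50", "10.6.6.50")]:
        mode = select_tunnel_mode(claimed, observed)
        print(claimed, observed, mode, tunnel_mtu(1500, mode))
```

A listener that offers only v6v4 cannot serve the NATed client at all, which is why the UDP listener and the v6udpv4 tunnel server are configured together.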

    Tunnel Broker Configuration

    The statements below must be added to the tunnel broker configuration. The new TSP listener and tunnel server are simply added to the tunnel broker.

    Configuration Statement / Description

    tunnel broker TB-EXAMPLE
        Define a tunnel broker TB-EXAMPLE and enter the Tunnel Broker configuration mode.

    set tsp TSP-UDP-EXAMPLE
        Receive requests from TSP listener TSP-TCP-EXAMPLE.

    set tunnel server TS-V6UDPV4
        Allocate the TS-V6UDPV4 tunnel server as a resource to create tunnels.

    exit
        Exit Tunnel Broker configuration mode.

    Verifying the configuration

    Again, it is important to verify that the configuration is correct and that the status of the different elements is up.

    broker# show tsp
    Name             Status  IP address  Transport  Tunnel modes   AAA model
    ----------------------------------------------------------------------------
    TSP-TCP-EXAMPLE  up      10.6.6.6    tcp 3653   v6v4           AAA-EXAMPLE
    TSP-UDP-EXAMPLE  up      10.6.6.6    udp 3653   v6v4 v6udpv4   AAA-EXAMPLE

    Total number of tsp listeners
    broker#

    broker# show tunnel server
    Name        Status  Tunnel modes  Tunnels  IP Address
    --------------------------------------------------------
    TS-EXAMPLE  up      v6v4          1        10.6.6.6
    TS-V6UDPV4  up      v6udpv4       1        10.6.6.6

    Create a new user account

    A local user account is created to test the new type of tunnel.

    Enable Command / Description

    db add user testv6udpv4 password hexago
        Add a new user to the local database.

    Client Connection

    Establish the tunnel from a dual-stack host, for example a PC running Windows XP SP2 or Linux.


    Note that the NAT is completely transparent, in the IPv6 world it completely disappeared:

    C:\Documents and Settings\Hexago>tracert6 -d 2001:5c0:8c5a:1::101

    Tracing route to 2001:5c0:8c5a:1::101
    from 2001:5c0:8c5a:4000::5 over a maximum of 30 hops:

      1   ms   ms   ms  2001:5c0:8c5a:4000::4
      2   ms   ms   ms  2001:5c0:8c5a:1::101

    Trace complete.