Configuring Static Large Scale NAT64 Maps
The Citrix ADC appliance supports manual creation of NAT64 mappings, which contain the mapping between the following information:
- Subscriber’s IP address and port
- NAT IP address and port
Static Large Scale NAT64 mappings are useful in cases where you want to ensure that the IPv4 connections initiated to a NAT IP address:port are IPv6 translated and mapped to the subscriber IP address:port (for example, web servers located in the internal network).
To create a Large Scale NAT64 mapping by using the command line
At the command prompt, type:
add lsn static <name> <transportprotocol> <subscrIP> <subscrPort> [<natIP> [<natPort>]] [-destIP <ip_addr> [-dsttd <positive_integer>]] show lsn static
Wildcard Port Static Large Scale NAT64 Maps
A static large scale NAT64 mapping entry is usually a one-to-one mapping between a subscriber IPv6 address:port and a NAT IPv4 address:port. A one-to-one static large scale NAT64 mapping entry exposes only one port of the subscriber IP address to the Internet.
Some situations might require exposing all ports (64K - limited to the maximum number of ports of a NAT IPv4 address) of a subscriber IP address to the Internet (for example, a server hosted on an internal network and running a different service on each port). To make these internal services accessible through the Internet, you have to expose all the ports of the server to the Internet.
One way to meet this requirement is to add 64 thousand one-to-one static mapping entries, one mapping entry for each port. Creating those entries is very cumbersome and a big task. Also, this large number of configuration entries might lead to performance issues in the Citrix ADC appliance.
A simpler method is to use wildcard ports in a static mapping entry. You just need to create one static mapping entry with NAT-port and subscriber-port parameters set to the wildcard character (*), and the protocol parameter set to ALL, to expose all the ports of a subscriber IP address for all protocols to the Internet.
For a subscriber’s inbound or outbound connections matching a wildcard static mapping entry, the subscriber’s port does not change after the NAT operation. When a subscriber-initiated connection to the Internet matches a wildcard static mapping entry, the Citrix ADC appliance assigns a NAT port that has the same number as the subscriber port from which the connection is initiated. Similarly, an Internet host gets connected to a subscriber’s port by connecting to the NAT port that has the same number as the subscriber’s port.
To configure the Citrix ADC appliance to provide access to all ports of a subscriber IPv6 address, create a wildcard static map with the following mandatory parameter settings:
- Subscriber port = *
- NAT port = *
In a wildcard static map, unlike in a one-to-one static map, setting the NAT IP parameter is mandatory. Also, the NAT IP address assigned to a wildcard static map cannot be used for any other subscribers.
To create a wildcard static map by using the command line interface
At the command prompt, type:
add lsn static <name> ALL <subscrIP> * <natIP> * [-td <positive_integer>] [-destIP <ip_addr> show lsn static
In the following sample configuration of a wildcard static map, all ports of a subscriber whose IP address is 2001:DB8:5001::3 are made accessible through NAT IP 18.104.22.168.
add lsn static NAT64-WILDCARD-STATIC-1 ALL 2001:DB8:5001::3 * 203.0.113.33 * Done