The stateful NAT64 feature enables communication between IPv6 clients and IPv4 servers through IPv6 to IPv4 packet translation, and vice versa, while maintaining session information on the NetScaler appliance.
When an IPv6 request packet received by the NetScaler appliance matches an ACL6 defined in a NAT64 rule and the destination IP of the packet matches the NAT64 IPv6 prefix, the NetScaler appliance considers the IPv6 packet for translation.
The appliance translates this IPv6 packet to an IPv4 packet with a source IP address matching one of the IP address bound to the netprofile defined in the NAT64 rule, and a destination IP address consisting of the last 32 bits of the destination IPv6 address of the IPv6 request packet. The NetScaler appliance creates a NAT64 session for this particular flow and forwards the packet to the IPv4 server. Subsequent responses from the IPv4 server and requests from the IPv6 client are translated accordingly by the appliance, on the basis of information in the particular NAT64 session.
Consider an example in which an enterprise hosts site www.example.com on server S1, which has an IPv4 address. To enable communication between IPv6 clients and IPv4 server S1, NetScaler appliance NS1 is deployed with a stateful NAT64 configuration that includes a NAT64 rule and a NAT64 prefix. A mapped IPv6 address of server S1 is formed by concatenating the NAT64 IPv6 prefix [96 bits] and the IPv4 source address [32 bits]. This mapped IPv6 address is then manually configured in the DNS servers. The IPv6 clients get the mapped IPv6 address from the DNS servers to communicate withIPv4 server S1.
|IPv6 address of client CL1||Client_IPv6 (for reference purposes only)||2001:DB8:5001::30|
|IPv4 address of server S1||Sevr_IPv4 (for reference purposes only)||192.0.2.60|
|IPv6 prefix for NAT64 translation||NAT64_Prefix (for reference purposes only)||2001:DB8:300::|
|Mapped IPv6 address (NAT64_Prefix + Sevr_IPv4) of server S1 for IPv6 clients to reach server S1||Map-Sevr-IPv6 (for reference purposes only)||2001:DB8:300::192.0.2.60|
|IPset||IPset-1||IP addresses bound (of type SNIPs) = 192.0.2.100 and 192.0.2.102|
|Netprofile||Netprofile-1||Source IP address = IPset-1|
|NAT64 rule||NAT64-1||ACL6 rule = ACL6-1 Netprofile = Netprofile-1|
The NetScaler appliance creates a NAT64 session for this flow and sends the translated IPv4 request to server S1.
> add acl6 ACL6-1 ALLOW -srcIPv6 2001:DB8:5001::30 Done > apply acls6 Done > add ip 192.0.2.100 255.255.255.0 –type SNIP Done > add ip 192.0.2.102 255.255.255.0 –type SNIP Done > add ipset IPset-1 Done > bind ipset IPset-1 192.0.2.100 192.0.2.102 IPAddress "192.0.2.100" bound IPAddress "192.0.2.102" bound Done > add netprofile Netprofile-1 -srcIP IPset-1 Done > add nat64 NAT64-1 ACL6-1 -netprofile Netprofile-1 Done > set ipv6 -natprefix 2001:DB8:300::/96 Done
Navigate to, and a new NAT64 rule, or edit an existing rule.
Navigate to Settings group, click Configure INAT Parameters, and set the Prefix parameter., in the