Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
arulmozhiarasu
New Contributor

NAT64 for traffic over IPv6 Tunnel through IPsecVPN not working..

Hi,

 

I am configuring NAT64 policy from Sit-tunnel to external IPv4 interface.

The Sit-tunnel established over IPv6 Tunnel through IPSec(V4)VPN.

V6 LANs Reaching each other.

NAT64 at HO workd well for HO ip6 lan.

 

But not successful for Branch lan

The NAT64 policy i am creating from Sit-Tunnel to IPv4.

 

My question is the NAT 64 policy from Sit-tunnel to IPv4 interface is authorized?

or Do i need to extend my topology with one more device for NAT64?

 

I am testing this topology with FG40C and FG60C with FortiOS5.2.

 

Thanks in advance.

 

Regards

arul

 

3 REPLIES 3
emnoc
Esteemed Contributor III

The diag debug flow filter6 is your best friend ;) It will probably give or shed light into what the issue(s) are.

 

Ken

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
arulmozhiarasu

Hi EMNOC,

 

Thanks for your kind advice. By this diag debug i found the default NAT64 prefix is not routable, and i externally assigned other NAT64 prefix, and complete my test implementation.

 

Thanks Lot

arul

emnoc
Esteemed Contributor III

1st you can started by detail of  the FortiOS version your running?

 

For NAT64 it should be doable but problems in NAT64 has been id recently and more so than NAT66.

 

As far as authorized, it should be a supported feature minus the position of possible bugs and issues with regards to NAT64. Do a search here for a few examples of NAT64 issues

 

e.g

[link]https://forum.fortinet.com/tm.aspx?m=126176[/link]

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors