Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

IPV4 to IPV6 Internet not working

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

IPV4 to IPV6 Internet not working

L2 Linker
IPV4 to IPV6 Internet not working
 
We are facing an issue accessing the internet. we have an IPV6 internet connection. we want to access the IPV6 ISP link from the IPV4 LAN subnet. we have created the source NAT policy using NAT64. but unable to access the internet. pls, help.
 
thanks in advance
5 REPLIES 5

Cyber Elite
Cyber Elite

Thank you for the post @AhamadullahM

 

The purpose of NAT64 is to enable IPv6 only clients to communicate with IPv4 only resources: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClIFCA0 Based on what you have described, you have opposite scenario. You have IPv4 only client to access IPv6 only network. The NAT64 will unfortunately not work in this case.

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.

Community Team Member

Hi @AhamadullahM ,

 

Is this the scenario you're looking for ?:

 

Configure NAT64 for IPv4-Initiated Communication 

 

I hope it helps,

-Kiwi.

 
LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

Thanks for the reply PaveIK,

Could you please let me know, any possible workaround for my scenario? we have to do the source NAT. LAN (IPV4)---to-- ISP(IPV6).

No, We have to look for NAT 46 

 

Thanks for your reply

Cyber Elite
Cyber Elite

Thank you for the reply @AhamadullahM

 

I am sorry, unfortunately I do not have any hands on experience with NAT46, but on best effort bases I would advice following. Since Palo Alto Firewall does not support NAT46, I would connect IPv6 only ISP link to a router that supports NAT46 (For example Cisco ISR router or Juniper SRX), then let this device do a routing + NAT. The Palo Alto would be connected behind this router for the rest of the functionality (Firewall Features).

If it is technically doable, I would consider dual stack to configure IPv6 between your Firewall and your hosts.

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.
  • 4225 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!