Help configuring NAT64 on a BIG-IP LTM

Would the approach be any different if I am using internal and external VLANs? Because I am switching from VLAN 2001 to VLAN 2000 and it is the only way I will be able to reach the IPv4 server. I have been trying some stuff around and when I create a pool, it does not work because it says that the pool members are down (192.168.1.7?).

Do you have IPv4 self IP addresses defined? I had assumed that you did based on the diagram. The pool member health checking would be done from those IPv4 self IP addresses. If none exist then I'm not sure this would work.

As it stands, I have:

Self IP on left interface:

                            192.168.2.2/28              using external VLAN
                            2001:b3e:45f1:6121::3/64    using external VLAN

Self IP on right interface:

                            192.168.1.1/28              using internal VLAN

Virtual Server on left interface:

                            2001:b3e:45f1:6121::/96
                            SNAT: Automap

IPv4 Gateway:

                            192.168.2.1

SNAT:

                            Translation: Automap
                            Origin: Address list: 192.168.1.7
                            VLANs: All

License:

Local Traffic Manager, 1600 Enterprise(Perpetual)
Maximum Compression
ADD SSL MAX TPS
ADD LTM MODULE
ADD DNS EXPRESS
ADD IPV6 GATEWAY
ADD RATE SHAPING
ADD RAMCACHE
50 MBPS COMPRESSION
SSL 500 TPS Per Core
ADD CLIENT AUTHENTICATION
ADD SSL CMP
ADD ROUTING BUNDLE

It looks like your SNAT is the problem. Delete the SNAT and then set Source Address Translation in your virtual server to "Auto Map".

Hello again,

Thank you for your response, I was in a meeting Friday afternoon and busy this morning. I have had time to look through my configuration and set it up the way you suggested.

I have removed the SNAT and setup the VS to use Automap and ticked address translation. I have a pool associated with the VS which contains the 192.168.1.7:0 address. I have also configured the VS to have a static IPv6 address 2001:b3e:45f1:6121::7 like in your example. I can ping from the F5 console to 192.168.1.7 and to 2001:b3e:45f1:6121::1.

When I type the [2001:b3e:45f1:6121::7] in my browser, I still do not get my test webpage from the server (at 192.168.1.7). Any suggestions why that is ?

Also, my default route is IPv4 and points to 192.168.2.1.

Sebastien,

Your pool member looks to be using a destination port of 0. Should this be 80 or 443?

I have changed it to port 80 for http and it became available (Thank you!). However, when inserting the IPv6 address in my browser, I still don't see the web page on the server 192.168.1.7.

Also, why could I not put all ports when assigning pool members or a VS ?

Never mind my last comment, it was able to do the trick! I had an iRule I forgot to remove on the VS. I am reaching the server no problem now.

Do you know how different it would be to create actual NAT64 instead of only balancing it ?

Thank you so much for your help!