Prisma SD-WAN
NAT46: Connecting IPv4 Clients to IPv6 Servers
Table of Contents
NAT46: Connecting IPv4 Clients to IPv6 Servers
Learn how NAT46 connects IPv4 only clients to IPv6 servers.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
Purpose
The goal of NAT46 with DNS64 is to allow an IPv4-only client to communicate with an
IPv6-only server.
Mechanism
This process is effectively the reverse of NAT64.
- The IPv4 client sends a standard DNS (A record) query for a domain.
- A device capable of DNS64 translation (like the Prisma SD-WAN) intercepts the query. It queries for the server's true AAAA record and then synthesizes an IPv4 address (A record) to send back to the client.
- The client sends an IPv4 packet to this synthesized IPv4 destination address.
- The NAT46 gateway (for example, Prisma SD-WAN) receives this packet and performs address translation: it translates the client's source IPv4 address to an IPv6 address and translates the synthesized destination IPv4 address back to the server's actual IPv6 address.
- The resulting IPv6 packet is forwarded to the IPv6 server.
Example Workflow
- An IPv4 Client (192.16.1.2) wants to reach www.natexample.com, which is an IPv6-only server at 2607:f8b0:4009:817::200.
- The client sends a DNS query. The Prisma SD-WAN intercepts it, finds the AAAA record, and sends a synthesized A record (203.0.113.10) back to the client.
- The client sends an IPv4 packet with Source: 192.16.1.2 and Destination: 203.0.113.10.
- The Prisma SD-WAN performs NAT46 translation. The new packet has Source: 2001:db8:2001::1 (its WAN IP) and Destination: 2607:f8b0:4009:817::200.
- This translated IPv6 packet is sent to the server.