NAT66: Internal IPv6 Address Management

Learn how NAT66 translates between IPv6 address spaces.
Where Can I Use This?
  • Prisma SD-WAN

What Do I Need?
  • Prisma SD-WAN license

Purpose

NAT66 is used to translate between IPv6 address spaces, enabling an IPv6-only client to communicate with an IPv6-only server through a NAT gateway. This is often used to map private or internal IPv6 addresses to a public-facing IPv6 address, hiding the internal network structure.

Mechanism

The mechanism is a straightforward network address translation for IPv6.
  • An IPv6 client sends a packet from its source address to a destination IPv6 server.
  • A NAT66 gateway (for example, Prisma SD-WAN) on the edge of the network intercepts the outgoing packet.
  • The gateway translates the packet's source IPv6 address to its own external WAN IPv6 address. The destination address of the server remains unchanged.
  • The gateway forwards the packet with the new source address to the destination server. Return traffic is translated in the reverse direction.

Example Workflow

  • An IPv6 Client (2001:db8::1) sends a packet to an IPv6 Application Server at 2607:f8b0:4009:817::200.
  • The initial packet has Source: 2001:db8::1 and Destination: 2607:f8b0:4009:817::200.
  • Prisma SD-WAN intercepts the packet and performs NAT66, changing the source address to its own WAN IP.
  • The final packet sent to the server has Source: 2001:db8:2001::1 and Destination: 2607:f8b0:4009:817::200.
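
The translation steps and workflow above, modeled as an added example (not Prisma SD-WAN code or configuration). It assumes the gateway keeps a per-flow session table and uses source ports to tell apart clients that share the WAN address; the class names, function names and port numbers are illustrative.

```python
import ipaddress
from dataclasses import dataclass, replace

IP = ipaddress.IPv6Address
WAN_ADDR = IP("2001:db8:2001::1")         # gateway WAN IP from the workflow above
SERVER = IP("2607:f8b0:4009:817::200")    # application server from the workflow above

@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv6Address
    sport: int
    dst: ipaddress.IPv6Address
    dport: int

class Nat66Gateway:
    """Simplified model: source translation to one WAN address plus a session table."""

    def __init__(self, wan_addr, first_port=40000):
        self.wan_addr = wan_addr
        self.next_port = first_port   # assumption: ports disambiguate clients behind one address
        self.out_map = {}             # (client, sport, server, dport) -> wan_port
        self.sessions = {}            # (wan_port, server, dport) -> (client, sport)

    def outbound(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.sessions[(self.next_port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
            self.next_port += 1
        # Only the source changes; the server's address is left untouched.
        return replace(pkt, src=self.wan_addr, sport=self.out_map[key])

    def inbound(self, pkt):
        """Reverse-translate return traffic; None means no matching session."""
        if pkt.dst != self.wan_addr:
            return None
        client = self.sessions.get((pkt.dport, pkt.src, pkt.sport))
        if client is None:
            return None
        return replace(pkt, dst=client[0], dport=client[1])

    def attribute(self, wan_port, server, dport):
        """Map a flow as it appears in server logs back to the internal client."""
        return self.sessions.get((wan_port, server, dport))

def demo():
    gw = Nat66Gateway(WAN_ADDR)
    out = gw.outbound(Packet(IP("2001:db8::1"), 51000, SERVER, 443))  # constructed ports
    back = gw.inbound(Packet(SERVER, 443, out.src, out.sport))
    return out, back
```

Because every internal client appears to the server as the WAN address, the session table is the only record in this model that ties a server-side log entry back to a specific internal host.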