SRX Services Gateway
SRX Services Gateway

Packet with IPv6 source & IPv4 destination (in Juniper documentation)

[ Edited ]
‎01-14-2019 08:40 AM

Anyone know how a packet could have an IPv6 source address and an IPv4 destination address?  The example at thinks it is possible:


[edit security nat]
source {
  pool myipv4 {
    address { to;
  rule-set myipv4_rs {
    from interface ge-0/0/1.0;
    to interface ge-0/0/2.0;
    rule ipv4_rule {
      match {
        source-address 2001:db8::/96;
      then {
        source-nat {
          pool {






SRX Services Gateway
Accepted by topic author atinglin
‎01-15-2019 06:52 AM

Re: Packet with IPv6 source & IPv4 destination (in Juniper documentation)

‎01-14-2019 08:15 PM



Good catch. Traffic on the wire can never be a mix of IPv4 and IPv6. However the snippet provided here is purely an internal processing/flow logic on the SRX firewalls.


> The example given below is that of a NAT64 - which is IPv6 to IPv4 NAT

> So to achive this both source and destination v6 addresses need to be translated to v4

> As part of the SRX flow processing Dest-NAT happens first

> Therefore the destination gets translated to v4 while source is yet a v6

> Subsequently there is a security policy and source nat lookup 

> The snippet you have provided is for creating a source NAT policy while the destination was already translated in the earlier step

> This is where you would see this funny looking combo of source v6 and destination v4

> Here is a link to explain the flow processing on the SRX:


I hope this answers your query. Regards,




SRX Services Gateway

Re: Packet with IPv6 source & IPv4 destination (in Juniper documentation)

‎01-14-2019 10:09 PM

Hi Atinglin,


Because IPv4 migration to IPv6 needs to be transparent and smooth, several ways of communication between IPv4 and IPv6 hosts have been developed; you can even have IPv4 addresses inside IPv6 headers for this same purpose: 


The document you are checking is for one of those solutions that were developed and its called NAT-PT, where you perform NAT operations between IPv4 and IPv6. As the document states "IPv6 Network Address Translation-Protocol Translation (NAT-PT) provides address allocation and protocol translation between IPv4 and IPv6 addressed network devices.". Check the "IPv6 NAT PT Overview" section, if you havent, for a better understanding:


I hope the above info helps 😉


Pura Vida from Costa Rica - Mark as Resolved if it applies.
Kudos are appreciated too!