NDP causes the firewall to save the MAC addresses and IPv6
addresses of neighbors in its ND cache. (Refer to the figure in
NPTv6 and NDP Proxy Example.)
The firewall does not perform NPTv6 translation for addresses that
it finds in its ND cache because doing so could introduce a conflict.
If the host portion of an address in the cache happens to overlap
with the host portion of a neighbor’s address, and the prefix in
the cache is translated to the same prefix as that of the neighbor
(because the egress interface on the firewall belongs to the same subnet
as the neighbor), then you would have a translated address that
is exactly the same as the legitimate IPv6 address of the neighbor,
and a conflict occurs. (If an attempt to perform NPTv6 translation
occurs on an address in the ND cache, an informational syslog message
logs the event:
NPTv6 Translation Failed.
)