Content created by Rene Molenaar (CCIE #41726)

Forum Replies

  1. Hello Sumit

    This is a very good question because the terms used with NAT can become very confusing. Let's say you are the Inside Host and you are connecting to a web server which is the Outside Host like so:

    You can see that the packet leaving the inside host and travelling towards the NAT router has:

    • Source Address: Inside Local - a private address such as 10.10.10.5
    • Destination address: Outside Local - the public IP address of the outside host such as 205.10.10.47

    A packet going from the NAT router to the Inside host has the following addresses:

    • Source address: Outside Local - the public IP address of the outside host such as 205.10.10.47
    • Destination Address: Inside Local - a private address such as 10.10.10.5

    Notice that the word "LOCAL" is used for all of the above mentioned addresses.

    On the outside network, packets going from the NAT router to the Outside Host have the following addresses:

    • Source Address: Inside Global - the translated public address such as 147.52.3.17
    • Destination address: Outside Global - the public IP address of the outside host such as 205.10.10.47

    Packets travelling in the opposite direction have:

    • Source address: Outside Global - the public IP address of the outside host such as 205.10.10.47
    • Destination Address: Inside Global - the translated public address such as 147.52.3.17

    Notice here that the word Global is used for ALL of these addresses.

    So whenever you see the word Local, you are referring to addresses as they exist BEHIND the NAT router while the word Global refers to addresses as they exist BEYOND the NAT router.

    Whenever you see the word Inside, you are referring to the IP address of the Inside host and Outside refers to the address of the outside host.

    Finally, you will notice that the Inside Global and the Outside Global addresses are almost always the same as translation does not occur on the address of the outside host.

    I hope this has been helpful!

    Laz

  2. Hello Maodo

    Don't worry, you are reading up on CCNA material. Rene is referring to the fact that the Outside Local and the Outside Global addresses are the same. These, however, can be configured so that they are different. That is, the destination IP address can also be translated by NAT. It is this configuration alone that is outside of the CCNA curriculum. Not to worry, the rest is definitely covered within the CCNA curriculum.

    I hope this has been helpful!

    Laz

  3. Hello Lazaros,

    Thanks for the explanation. Can you please explain the use of the keywords extendable and reversible in natting with an example?

  4. Thanks for your explanation, Lazaros.

    My question was not so technical. A CCNP lesson telling about CCNA scope; I thought it was a Copy/Paste error. Now I understand that one lesson can belong to CCNA and also be reused, without any change, in CCNP or CCIE courses. I found below the three (CCNA, CCNP, CCIE) links having the same NAT lesson (the lesson that was originally written for CCNA).

    .../ccna-routing-switching-icnd1-100-105/how-to-configure-dynamic-nat-on-cisco-ios-router/
    .../ccnp-route/how-to-configure-dynamic-nat-on-cisco-ios-router/
    .../ccie-routing-switching/how-to-configure-dynamic-nat-on-cisco-ios-router/

  5. Hello Sumit

    There are two types of translation entries: Simple and Extended. A simple translation entry maps one IP address to another. The keyword extendable, which indicates an extended translation entry, indicates that the translation entry will map an IP address and port pair to another. The extended translation includes the port. An example of such a configuration is the following:

    ip nat inside source static tcp 192.168.1.4 25 199.198.5.1 25 extendable
    ip nat inside source static tcp 192.168.1.3 21 199.198.5.1 21 extendable
    ip nat inside source static tcp 192.168.1.3 20 199.198.5.1 20 extendable
    ip nat inside source static tcp 192.168.1.2 80 199.198.5.1 8080 extendable

    Note in the final example that the inside and outside ports do not necessarily have to be the same.

    The reversible keyword, according to Cisco, "enables outside-to-inside initiated sessions to use route maps for destination-based NAT." This essentially means that a NAT translation entry will be created as soon as the router detects traffic flow from outside to inside using the specific NAT translation. Without this keyword, a NAT entry would only be created when the traffic is sourced from the inside network.

    An example would be the following command:
    Router(config)# ip nat inside source route-map MAP-A pool POOL-A reversible

    This enables outside-to-inside initiated sessions to use route maps for destination-based NAT. Note the reversible keyword is used in conjunction with route maps only.

    I hope this has been helpful!

    Laz
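
The Local/Global terminology from the first reply and the four static port entries from the last reply, worked through as an added example that is not part of the original thread: a small Python model that builds the static translation table from those lines, rewrites packets in both directions, and lists which inside hosts the entries make reachable from outside. The function names are hypothetical, and the model assumes static entries only (no dynamic pool, no route-map or reversible handling).

```python
import re
from typing import NamedTuple

# The four static entries quoted in the reply above (addresses are the page's own).
CONFIG = """\
ip nat inside source static tcp 192.168.1.4 25 199.198.5.1 25 extendable
ip nat inside source static tcp 192.168.1.3 21 199.198.5.1 21 extendable
ip nat inside source static tcp 192.168.1.3 20 199.198.5.1 20 extendable
ip nat inside source static tcp 192.168.1.2 80 199.198.5.1 8080 extendable
"""

class Entry(NamedTuple):
    proto: str
    inside_local: tuple   # (ip, port) as it exists behind the NAT router
    inside_global: tuple  # (ip, port) as it exists beyond the NAT router

IP = r"(\d+\.\d+\.\d+\.\d+)"
LINE = re.compile(rf"^ip nat inside source static (tcp|udp) {IP} (\d+) {IP} (\d+)(?: extendable)?$")

def parse(config):
    """Build the static translation table from 'ip nat inside source static' lines."""
    entries = []
    for line in config.splitlines():
        m = LINE.match(line.strip())
        if m:
            proto, lip, lport, gip, gport = m.groups()
            entries.append(Entry(proto, (lip, int(lport)), (gip, int(gport))))
    return entries

def inbound(entries, proto, dst_ip, dst_port):
    """Outside-to-inside packet: destination inside global -> inside local."""
    for e in entries:
        if e.proto == proto and e.inside_global == (dst_ip, dst_port):
            return e.inside_local
    return None  # no matching static entry, so nothing to translate to

def outbound(entries, proto, src_ip, src_port):
    """Inside-to-outside packet: source inside local -> inside global."""
    for e in entries:
        if e.proto == proto and e.inside_local == (src_ip, src_port):
            return e.inside_global
    return None

def exposure(entries):
    """Map each inside host to the (global port, local port) pairs that reach it."""
    report = {}
    for e in entries:
        report.setdefault(e.inside_local[0], []).append((e.inside_global[1], e.inside_local[1]))
    return report
```

Running `exposure(parse(CONFIG))` over a router's static entries gives a quick inventory of which private hosts and services a single public address publishes, including remapped ports such as 8080 to 80.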
