Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
535
Views
0
Helpful
2
Replies

Direction of NAT from Destination to Source

Go to solution
mahesh18
Level 6
Level 6

‎07-29-2013 06:25 PM - edited ‎03-11-2019 07:18 PM

Hi Everyone,

When  on ASDM  we have  this under  

Original Packet 

Source  Inside_hosts     

Destination  Outside_hosts

Then we have

Translated Packet  with

Source  Inside_hosts_natted

Destination Outside_hosts_natted

So NAT is bidirectional  and when packet comes       back from Destination to source then Source IP  which is Destination Real source will be

Outside_hosts_natted?

We can also write this in format below

inside_ hosts  inside_hosts_natted    Outside_hosts  Outside_hosts_natted

which is equal to

inside local  inside global   outside gloabl  outside local?

       Regards

MAhesh                            

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎07-29-2013 06:40 PM

Hi Mahesh,

It depends on the actual configuration.

If its a Dynamic NAT or Dynamic PAT then it is not bidirectional because destination hosts cannot initiate connections towards the source hosts in the NAT configuration

If its a Static NAT / Static PAT / Identity NAT / NAT0 configuration then its naturally bidirectional in the sense that both source and destination can initiate the connection.

Though in the case of Dynamic type of NAT/PAT, naturally the return traffic will flow from the destination back to the source using this same translation. So in that sense it bidirectional BUT connections cant be initiated from the destination networks defined in the NAT configuration.

Though I would imagine there are some exception to this depending how the ACLs are configured and what kind of translations are active before the destination network attempts to open a connection. Some existing translation together with the destination interface ACL might make it possible for some connectivity. But in normal situation it wouldnt really be bidirectional.

- Jouni

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎07-29-2013 06:40 PM

Hi Mahesh,

It depends on the actual configuration.

If its a Dynamic NAT or Dynamic PAT then it is not bidirectional because destination hosts cannot initiate connections towards the source hosts in the NAT configuration

If its a Static NAT / Static PAT / Identity NAT / NAT0 configuration then its naturally bidirectional in the sense that both source and destination can initiate the connection.

Though in the case of Dynamic type of NAT/PAT, naturally the return traffic will flow from the destination back to the source using this same translation. So in that sense it bidirectional BUT connections cant be initiated from the destination networks defined in the NAT configuration.

Though I would imagine there are some exception to this depending how the ACLs are configured and what kind of translations are active before the destination network attempts to open a connection. Some existing translation together with the destination interface ACL might make it possible for some connectivity. But in normal situation it wouldnt really be bidirectional.

- Jouni

0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Jouni Forss

‎07-29-2013 07:00 PM

Hi Jouni,

You expalined everything very good.

Got it now.

Best regards

MAhesh

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card