
Basic question on NAT; hard to understand "Outside Local " definition

news2010a
Level 3

On NAT, I can understand terms:

Inside Local (that could be the internal host IP addresses, such as private IP addresses 10.0.0.0/24. Not necessarily routable in the Internet)

Inside Global=That's a legitimate IP address which should be used to represent my "inside" IP addresses.

Outside Global=That's the host range or host IP address assigned by the target "outside" network owner I am trying to reach. That's a routable IP address on the "Internet", let's say.

In the attached diagram from the Cisco website, I can't get where the "Outside Local" address would be configured. Note that the Outside Local IP=10.1.1.5.

Can you tell me where in this network diagram such an Outside Local IP=10.1.1.5 would be configured? I think it is not very detailed.

Accepted Solutions

att-sgcops
Level 1

I can give you an example:

10.1.0.0/16 is your inside network. And there is 1 host with global address 141.245.132.1, which is not in your network (outside network). Your administrator does not want you to memorize the IP address of the host, so he decides to make the server look like 10.1.3.4. Then he will configure on the border router:

ip nat outside source static 141.245.132.1 10.1.3.4

hope it can help you


5 Replies

mmorris11
Level 4

This is where you are doing a config like so:

ip nat outside source static outside_global outside_local

outside_global: this is the address that the host appears to have as the packet comes in

outside_local: this is the address you would like your hosts to see it as

HTH pls rate!

Let's see if I finally understand:

I am on Company A. My router is doing NAT and translating the inside local addresses into inside global addresses - OK as I send a ping from my Workstation A to the Company B mail server.

Then Company B is also doing NAT at the edge router;

The "Outside" local address on Company B is actually the host address, inside the TARGET organization. There is no way for me, on Company A, to find out which address is the "Outside Local" (unless I manage to hack the Company B network). Then the Company B router also does NAT, and translates the Outside Global address there into Outside Local when the packet initiated from Company A arrives.

Is the above a correct interpretation? Please confirm.

Darn. I configured

HostA--e0/0RouterAs0/0---s0/0RouterBe0--HostB

I simply did on RouterA:

e0/0 -> ip nat inside

s0/0 -> ip nat outside

ip nat inside source static HostA_IP Inside_Global_IP

Then I did 'show ip nat translations' and I see there only the "Inside Local" and "Inside Global". There is nothing there for "Outside Local" and "Outside Global". I understand now that such a designation for Outside Global and Outside Local is something that I have to configure. I think that's why I got confused. Still on RouterA I configured 'ip nat outside source <> <>' and now I see the Outside Local and Global there OK.

Hi,

in principle you are dealing with 4 IP addresses:

1) source IP in the packet before NAT

2) destination IP in the packet before NAT

3) source IP in the packet after NAT

4) destination IP in the packet after NAT

Consider the packet flow from your network to the internet in my naming convention here.

From the NAT router perspective you need to define what is inside and what is outside, e.g. through:

interface Ethernet0
 ip nat inside

interface Serial1
 ip nat outside

IPs 1) and 2) are in the packet in your local network, hence

1) is called inside local

2) is called outside local

IPs 3) and 4) are in the packet after NAT so usually in the internet (global) and hence

3) is called inside global

4) is called outside global

A Cisco router can potentially modify 3 of the 4 IP addresses.

ip nat inside source ... modifies IP 1)

ip nat inside destination ... modifies IP 2)

ip nat outside source ... modifies IP 4) !!

The last one is named somewhat tricky, as the naming depends on the direction of the packet flow. The function is explained in the post of att-sgcops.

Hope this helps! Please rate all posts.

Regards, Martin
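
An added example, not part of the thread or any poster's code: a small Python model of the two static mappings discussed above, showing which address gets which of the four names and why a router with no `ip nat outside source` entry shows identical outside local and outside global addresses. The inside host 10.1.0.10 and its inside global 192.0.2.10 are constructed values, the class and method names are hypothetical, and routing and IOS order of operations are ignored.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


class StaticNat:
    """Toy model of static NAT entries on one router (not IOS code)."""

    def __init__(self):
        self.inside = {}   # inside local  -> inside global
        self.outside = {}  # outside global -> outside local

    def inside_source_static(self, local_ip, global_ip):
        # Models: ip nat inside source static <local> <global>
        self.inside[local_ip] = global_ip

    def outside_source_static(self, global_ip, local_ip):
        # Models: ip nat outside source static <global> <local>
        self.outside[global_ip] = local_ip

    def in_to_out(self, pkt):
        # Packet entered on the "ip nat inside" interface.
        local_to_global = {l: g for g, l in self.outside.items()}
        return Packet(self.inside.get(pkt.src, pkt.src),
                      local_to_global.get(pkt.dst, pkt.dst))

    def out_to_in(self, pkt):
        # Packet entered on the "ip nat outside" interface.
        global_to_local = {g: l for l, g in self.inside.items()}
        return Packet(self.outside.get(pkt.src, pkt.src),
                      global_to_local.get(pkt.dst, pkt.dst))

    def label(self, pkt):
        """Name the four addresses for a packet sent by an inside host."""
        after = self.in_to_out(pkt)
        return {"inside local": pkt.src, "outside local": pkt.dst,
                "inside global": after.src, "outside global": after.dst}


def build_example():
    nat = StaticNat()
    nat.inside_source_static("10.1.0.10", "192.0.2.10")     # constructed
    nat.outside_source_static("141.245.132.1", "10.1.3.4")  # from the thread
    return nat
```
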
