Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3154
Views
0
Helpful
18
Replies

NAT for local originated packet

CARLO CIANFARANI
Level 1
Level 1

‎03-16-2012 06:56 AM - edited ‎03-04-2019 03:41 PM

Hi,

I've configured a Cisco 3725 w/ IOS 12.(4)21a to implement  natting for local originated packet going out towards a  specific IP destination

Basically I configured ip nat outside on the egress i/f /(serial 0/0.100)

interface Serial0/0.100 point-point

ip address 172.16.1.1 255.255.255.0

ip nat outside

ip virtual-reassembly

!

and ip nat inside source list TO-DST interface serial 0/0.100 in global configuration mode

ip access-list extended TO-DST

permit ip host 10.10.10.1 host 172.16.10.3

!

ip nat inside source list TO-DST interface Serial0/0.100 overload

!

The C3725 has an entry for 172.16.10.3 in IP RIB and pinging from this router to dst is ok. Now a question arises.....

How can the router perform NAT if ip nat inside command is not configured on any interfaces ?

Thanks

Labels:
0 Helpful
18 Replies 18

Dan-Ciprian Cicioiu
Level 7
Level 7
In response to CARLO CIANFARANI

‎03-19-2012 03:52 AM

Hi Carlo ,

ip nat outside source lis/route-map - translates the source when flow is entering the outside and going to inside

ip nat inside destination - translate the destination when flow is entering the outside and goint to inside

If it's simple to remember : the command ip nat tells you were is the host/network that will be translated.

Regards

Dan

0 Helpful

CARLO CIANFARANI
Level 1
Level 1
In response to Dan-Ciprian Cicioiu

‎09-12-2012 08:03 AM

Thinking again about it.......

I think the "right" syntax for destination address translation of packets entering from outside and going to inside should be

ip nat outside destination instead of "ip nat inside destination"

After all here we are translating the Inside global (IG) address into Inside Local (IL) address as destination for a packet entering from outside i/f...

Does it make sense ?

0 Helpful

Dan-Ciprian Cicioiu
Level 7
Level 7
In response to CARLO CIANFARANI

‎09-16-2012 02:17 AM

Hi Carlo,

As far as I know "ip nat outside destination" is not available. Destination keyword is only available on ip nat inside and is used for load-balancing.

There are 2 types of nat : static and list ( acl and route-map ). The main difference between them is that static creates a bidirectional translation. This means that , unlinke the 'list' nat, the packet can be originated on any interface (outisde|inside).

In your case you need to configure a static nat. IOS will DNAT in case of a packet arriving on the outside interface with the destination of Outside Global according to your nat statement

Regards,

Dan

0 Helpful

CARLO CIANFARANI
Level 1
Level 1
In response to Dan-Ciprian Cicioiu

‎09-16-2012 01:28 PM

Thanks Dan for the answer....

The spirit of the question asked to clarify doubts about terminology: if I understand correctly the configuration statement ip nat inside destination (used for load-balancing ....) perform translation of packets' destination address entering from outside interface (following configured rules of course)... that address is mapped to a 'real' server address chosen into a 'rotary' servers pool ....

Now, if that is right, the router is translating the inside global address in an inside local (the address of the choosen sever in the pool) ... so, based on this reasonings, I was thinking about the syntax ip nat ouside destination instead of 'ip nat inside destination'....

Carlo

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card