Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
352
Views
0
Helpful
2
Replies

Setting up IP NAT: Understanding Outside Global & Local

jp.ward16
Level 1
Level 1

‎06-12-2015 08:11 PM - edited ‎03-05-2019 01:39 AM

If I have a network say Network A and Network B and if A is the inside then B is the outside Network. Given this partial Running Config, what is the reverse IP NAT statement from the Outside Network returning to the Inside network so those inside Network A requesting YouTube Videos can actually see them from Network B?

Also, would you be able to explain how I would allow any IP from the AP-Pool to receive the reply from the External Network since I overloaded the IP NAT Inside Source ? If there a way to write the reply ?

 

Partial Running-Config:

no ip dhcp conflict logging
ip dhcp excluded-address 192.168.99.254
ip dhcp excluded-address 192.168.99.1
!
ip dhcp pool AP-Pool
 import all
 network 192.168.99.0 255.255.255.0
 default-router 192.168.99.254 
 domain-name 192.168.99.254
!!
interface GigabitEthernet0/0
 description Outside Interface for Internet access | Gateway is 24.54.158.105/29
 ip address 24.54.158.106 255.255.255.248
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto

!
interface Vlan99
 ip address 192.168.99.254 255.255.255.0
 ip dns view-group internallist
 ip nat inside
 ip virtual-reassembly in

ip dns view external
 domain name-server  8.8.8.8
ip dns view internal
 domain name-server  207.190.35.254
 domain name-server  66.78.244.253
ip dns view-list internallist
 view internal 1
ip dns server view-group internallist
ip dns server

!
ip nat inside source list 101 interface GigabitEthernet0/0 overload
!
!
access-list 101 permit ip 192.168.99.0 0.0.0.255 any

 

Labels:
0 Helpful
2 Replies 2

Gregory Leeson
Level 1
Level 1

‎06-12-2015 09:52 PM

You don't need a separate statement for return traffic.  It's a package deal.

When your pc at 192.168.99.20 sends a request out to YouTube or capital one.com, it picks a source port, say port 51905.

So the packet hits your router with destination (YouTube up address) :80 source 192.168.99.20:51905

Your router creates a return entry with the source and destination reversed.  And when it performs the NAT, it maps that 51905 port as the source.  So when the return traffic comes back, your router looks knows that destination port belongs to 192.168.99.20 and forwards it back to your pc.

 

Outside local is a different animal, probably not something you'll use very often.  Imagine there's a web server on some external network at up 50.60.23.9. For whatever reason, you need it to appear local, so you want it to look like it's at 192.168.1.9.  You want your inside local pc's to be able to type http://192.168.1.9 in a browser window and the router takes the traffic and NAT/PATs it to the 50.60.23.9 server.

 

 

0 Helpful

jp.ward16
Level 1
Level 1
In response to Gregory Leeson

‎06-13-2015 12:05 AM

So having said that, what would the actual statement be?

Ip nat source outside 50.60.23.9 interface vlan 99 extended 

would this be the answer based on your example?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card