ip nat outside source static

sam0000021 · ‎04-19-2015

I'm struggling to figure out why you would need the 'ip nat outside source static' command. The 'inside source static' makes perfect sense, but why the outside. In what type of scenario would you use it?

Any help would be appreciated

Jon Marshall · ‎04-19-2015

h1 (192.168.10.2) -> R1 -> (ip nat inside) R2 (ip nat outside) -> R3 -> s1 (172.16.5.2)

On R2

ip nat outside source static 192.168.11.2 172.16.5.2

would mean -

h1 would send traffic to 192.168.11.2 and the destination IP would be translated to 172.16.5.2 and if s1 sends traffic to h1 the source IP would be 192.168.11.2.

One reason to do this would be, using the above example, your internal network uses 192.168.x.x IP addressing and you do not want to have to advertise the 172.16.5.x IP within your network.

So instead you choose an unused 192.168.x.x IP and as long as R1 routes traffic for that IP to R2 it is then translated to 172.16.5.2 on R2 which means your internal routers do not need to have external IP addresses in their routing tables.

Jon

sam0000021 · ‎04-20-2015

That makes sense, thank you for the reply Jon.