NAT to 2 different networks

axfalk · ‎07-30-2005

We have a situation, where we need to NAT the addresses to 2 different networks (interfaces) on the destination router. Does anybody happen to know at which point does the IOS unNAT the packet? - before the packet hits the interface or after? If it does it before, then the unNATed packet would be populated to all the interfaces, just like in the regular router and I would not ned to define the interfaces as "the inside int". However, if it does it after, I would.

Thanks

johansens · ‎07-31-2005

Here is the NAT order of operation:

Inside-to-Outside

* If IPSec then check input access list

* decryption - for CET (Cisco Encryption Technology) or IPSec

* check input access list

* check input rate limits

* input accounting

* policy routing

* routing

* redirect to web cache

* NAT inside to outside (local to global translation)

* crypto (check map and mark for encryption)

* check output access list

* inspect (Context-based Access Control (CBAC))

* TCP intercept

* encryption

Outside-to-Inside

* If IPSec then check input access list

* decryption - for CET or IPSec

* check input access list

* check input rate limits

* input accounting

* NAT outside to inside (global to local translation)

* policy routing

* routing

* redirect to web cache

* crypto (check map and mark for encryption)

* check output access list

* inspect CBAC

* TCP intercept

* encryption

Here's the link it's taken from:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml

Did it help?