Bi-Directional NAT

Unanswered Question
May 17th, 2007

Can someone explain Bi-Directional NAT to me in detail, with an example?

mchin345 Wed, 05/23/2007 - 10:21

Cisco PIX 6.2 and later versions allow the application of Network Address Translation (NAT) and Port Address Translation (PAT) to traffic from an outside interface to an inside interface. This feature is referred to as bi-directional NAT. An outside interface is less secure, whereas an inside interface is considered more secure.

Outside NAT/PAT is similar to inside NAT/PAT, but the address translation is applied to addresses of hosts that reside on the outer interfaces of the PIX, which are less secure.

In order to configure dynamic outside NAT, specify the addresses to be translated on the outside interface, which is less secure. Then specify the global address or addresses on the secure inside interface.

In order to configure static outside NAT, use the static command to specify the one-to-one mapping.

Refer to this link:

avilt Wed, 05/23/2007 - 18:45

So in Outside NAT, the client on the outside will be able to connect to the inside host, which can also be achieved by static NAT. What's the real purpose of this outside NAT? Can someone provide an example?

Jon Marshall Thu, 05/24/2007 - 00:30


The purpose of outside NAT is to NAT the source addresses of the packets and not the destination address, e.g.

static (inside,outside) netmask

means hosts on the outside connect to the host which is natted to But the source addresses of the hosts don't change.

With outside NAT you are changing the source addresses of the hosts, e.g.

nat (outside) 1 outside

global (inside) 1 interface

says that all external hosts with source IP addresses of 192.168.10.x will be natted to the inside interface IP address of the PIX as they come from the outside and go to the inside.
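The difference described in the reply above, as an added example that is not part of any post in this thread and is not PIX code: a toy Python model that shows which packet fields each rule rewrites, including the reply path. Every address except the 192.168.10.x range is constructed (203.0.113.10 as the global address, 10.1.1.10 as the inside host, 10.1.1.1 as the inside interface), and the class name and the PAT port numbering starting at 1024 are assumptions.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class ToyFirewall:
    """Illustrative model of outside->inside translation; not PIX code."""
    def __init__(self, inside_if_ip, static_map, outside_nat_net=None):
        self.inside_if_ip = inside_if_ip    # address used by "global (inside) 1 interface"
        self.static_map = static_map        # global IP seen outside -> real inside host
        self.outside_net = ipaddress.ip_network(outside_nat_net) if outside_nat_net else None
        self.xlate = {}                     # PAT port -> (real outside src, real sport)
        self.by_flow = {}                   # reverse index so a flow keeps its PAT port
        self.next_port = 1024               # assumed starting port for this model

    def outside_to_inside(self, p):
        if p.dst not in self.static_map:
            return None                     # no static mapping: nothing to reach
        p = replace(p, dst=self.static_map[p.dst])   # static NAT: destination only
        if self.outside_net and ipaddress.ip_address(p.src) in self.outside_net:
            flow = (p.src, p.sport)
            if flow not in self.by_flow:    # outside NAT: allocate a PAT slot
                self.by_flow[flow] = self.next_port
                self.xlate[self.next_port] = flow
                self.next_port += 1
            p = replace(p, src=self.inside_if_ip, sport=self.by_flow[flow])
        return p

    def inside_to_outside(self, p):
        # Reply path: restore the global address as source, undo PAT on destination.
        to_global = {real: glob for glob, real in self.static_map.items()}
        src = to_global.get(p.src, p.src)
        if p.dst == self.inside_if_ip and p.dport in self.xlate:
            dst, dport = self.xlate[p.dport]
            return Packet(src, p.sport, dst, dport)
        return Packet(src, p.sport, p.dst, p.dport)

if __name__ == "__main__":
    # Constructed addresses: only the 192.168.10.x range comes from the thread.
    req = Packet("192.168.10.25", 40000, "203.0.113.10", 80)
    static_only = ToyFirewall("10.1.1.1", {"203.0.113.10": "10.1.1.10"})
    bidir = ToyFirewall("10.1.1.1", {"203.0.113.10": "10.1.1.10"}, "192.168.10.0/24")
    print("static only :", static_only.outside_to_inside(req))
    print("with outside:", bidir.outside_to_inside(req))
    print("reply       :", bidir.inside_to_outside(Packet("10.1.1.10", 80, "10.1.1.1", 1024)))
```

With the outside rule active, the inside host sees every 192.168.10.x client as the firewall's inside address, so attributing a connection to a real client requires the firewall's translation table or logs.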
