Bi-Directional NAT

avilt · ‎05-17-2007

Can someone explain me the Bi-Directional NAT in detail with an example.

mchin345 · ‎05-23-2007

Cisco PIX 6.2 and later versions allow the application of Network Address Translation (NAT) and Port Address Translation (PAT) to traffic from an outside interface to an inside interface. This feature is referred to as bi-directional NAT. An outside interface is less secure, whereas an inside interface is considered more secure.

Outside NAT/PAT is similar to inside NAT/PAT, but the address translation is applied to addresses of hosts that reside on the outer interfaces of the PIX, which are less secure.

In order to configure dynamic outside NAT, specify the addresses to be translated on the outside interface, which is less secure. Then specify the global address or addresses on the secure inside interface.

In order to configure static outside NAT, use the static command to specify the one-to-one mapping.

Refer this link:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aad.shtml#topic12

avilt · ‎05-23-2007

So in Outside NAT, the client on outside will be abe to connect to inside host, which can also be achieved by static NAT.Whats the reall purpose of this outside NAT? Can someone provide an example.

Jon Marshall · ‎05-24-2007

Hi

The purpose of outside NAT is to NAT the source addresses of the packets and not the destination address eg.

static (inside,outside) 172.16.5.1 192.168.5.1 netmask 255.255.255.255

means hosts on the outside connect to the host 172.16.5.1 which is natted to 192.168.5.1. But the source addresses of the hosts don't change.

With outside NAT you are changing the source addresses of the hosts eg.

nat (outside) 1 192.168.10.0 255.255.255.0 outside

global (inside) 1 interface

says that all external hosts with source IP addresses of 192.168.10.x will be natted to the inside interface IP address of the pix as they come from the outside and go to the inside.

HTH

Jon