I try to transfer Cisco NAT terms to what students are used to from their experience with Linksys home routers.
On the small machines, you have a LAN interface and a WAN interface, let's say with the LAN sporting 192.168.1.1/24 and the WAN getting a dynamic IP from the provider, let's say 18.104.22.168.
So far so good.
The LAN IP is an inside local address, while the WAN IP is an inside global address.
So when any client from the LAN connects to www.cisco.com, its IP address (which is inside local, too) gets translated to the inside global address of the router (=the WAN address, 22.214.171.124). The return packets are retranslated and everything is fine.
This can be done by static NAT, but then you get two drawbacks:
1. You are limited to a single host in the LAN
2. This host is fully exposed to the internet, unless you place some ACLs.
Now what is normally done is dynamic NAT with 1 WAN (=inside global) address, i.e. overloading.
There you have a bunch of LAN clients being translated to that single WAN address. Return packets will arrive at the clients, since the sessions are separated by the router by different port numbers.
But now you can't connect from the Internet to the LAN addresses, unless you specify some sort of port forwarding on the router:
"If there are incoming packets at the WAN interface with destination port tcp:8080, send them to LAN 192.168.1.100:80" On that machine, there is the webserver you want to make available from the outside.
How would this scenario be realized with an IOS router?
My first guess was something like "ip nat outside destination ..." but that's not a valid expression.
Thanks in advance,
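
The three behaviours compared in the post above (static NAT, overloading, and a single port forward), as an added toy model that is not part of the original post and is not IOS code. The `Router` class, the WAN address 203.0.113.10 and the 198.51.100.x remote hosts are constructed for illustration; only 192.168.1.100:80 and tcp:8080 come from the post.

```python
from dataclasses import dataclass, field
from itertools import count

WAN_IP = "203.0.113.10"  # constructed WAN (inside global) address


@dataclass
class Router:
    """Toy model of the WAN-side translation table (TCP only, hypothetical)."""
    static_hosts: dict = field(default_factory=dict)   # global IP -> local IP
    port_forwards: dict = field(default_factory=dict)  # global port -> (local IP, port)
    sessions: dict = field(default_factory=dict)       # global port -> (local IP, port, remote)
    _ports: count = field(default_factory=lambda: count(1024))

    def outbound(self, src_ip, src_port, remote):
        """Overload: a LAN client opens a session and gets a unique global port."""
        gport = next(p for p in self._ports
                     if p not in self.sessions and p not in self.port_forwards)
        self.sessions[gport] = (src_ip, src_port, remote)
        return WAN_IP, gport

    def inbound(self, remote, dst_ip, dst_port):
        """Return the LAN (ip, port) a WAN packet reaches, or None if dropped."""
        if dst_ip in self.static_hosts:        # static NAT: every port reaches the host
            return self.static_hosts[dst_ip], dst_port
        if dst_ip != WAN_IP:
            return None
        if dst_port in self.port_forwards:     # port forward: this one port only
            return self.port_forwards[dst_port]
        entry = self.sessions.get(dst_port)
        if entry and entry[2] == remote:       # reply belonging to an existing session
            return entry[0], entry[1]
        return None                            # unsolicited packet, no table entry


def demo():
    r = Router(port_forwards={8080: ("192.168.1.100", 80)})
    www = ("198.51.100.7", 80)                 # constructed remote web server
    probe = ("198.51.100.99", 5555)            # constructed unsolicited remote host
    a = r.outbound("192.168.1.10", 40000, www)
    b = r.outbound("192.168.1.11", 40000, www)  # same source port, other client
    return {
        "a": a, "b": b,
        "reply_a": r.inbound(www, *a),
        "reply_b": r.inbound(www, *b),
        "forward": r.inbound(probe, WAN_IP, 8080),
        "ssh_probe": r.inbound(probe, WAN_IP, 22),
    }
```

With a static one-to-one entry instead of the port forward, the same unsolicited packet to port 22 would be delivered to the LAN host, which is the exposure the post's second drawback describes.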