01-18-2009 01:19 PM - edited 03-06-2019 03:30 AM
In the below configuration, I would like to know whether the NAT only takes place for connections initiated from 30.x network on the inside to 40.x network on the outside OR even the other way round i.e. for connections originated from 40.x network to 30.x network.
interface GigabitEthernet0/0
 ip address 20.20.20.1 255.255.255.0
 ip nat outside
interface Serial0/0/0
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
ip nat inside source static network 30.30.30.0 40.40.40.0 /24
01-18-2009 02:21 PM
ip nat inside source static network 30.30.30.0 40.40.40.0 /24
This command will translate source subnet 30.30.30.0/24 to 40.40.40.0/24 regardless of the destination subnet.
HTH,
__
Edison.
01-19-2009 01:25 AM
Thank you. One more clarification
Will the destination subnet of 40.40.40.0/24 be NAT'ed to 30.30.30.0/24 for connections from Outside (i.e. GigabitEthernet) with this configuration?
If not, then what would be the configuration to achieve it?
Regards.
01-19-2009 08:07 AM
Instead of destination subnet, I will use the term NAT'd subnet.
The NAT'd subnet will be the representation of the internal subnet for devices facing the outside interface. With that said, connections made from the outside towards 40.40.40.0/24 will be translated to 30.30.30.0/24 in the inside as the router keeps a NAT table for reference.
HTH,
__
Edison.
01-19-2009 08:19 AM
Hi:
It seems as though you are a bit confused -- or maybe I'm just misinterpreting your question.
The 40.x network, as you present it in the command configuration line, is not the destination network. This is not the network that a packet that was generated by a device on the 30.x network is destined for. In other words, this command is not saying "if you come from the 30.x network and are headed for the 40.x network, you will get NATed to some 3rd address block."
The command line is saying that hosts on the 30.x network will be source NATed to an address on the 40.x network. The packet may be destined for the 50.x network, or any other network. Its destination has no bearing on whether the user's source address will be NATed or not -- at least not in this command configuration line.
And the answer to your question is yes, of course, the packet will be reverse NATed after the outside NAT interface receives a response from the destination. The NAT appliance will look at the destination address of the packet it receives, check its NAT table and replace the inside global address on the 40.x network with the inside local address on the 30.x network.
HTH
Victor
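The behaviour described in the replies above, as an added example that is not part of any post in this thread: a simplified Python model of the `ip nat inside source static network 30.30.30.0 40.40.40.0 /24` mapping, covering both inside-originated and outside-originated packets. The function names and sample packets are constructed for illustration, and the model ignores routing, ACLs and everything else the router does.

```python
import ipaddress

# Model of: ip nat inside source static network 30.30.30.0 40.40.40.0 /24
INSIDE_LOCAL = ipaddress.ip_network("30.30.30.0/24")
INSIDE_GLOBAL = ipaddress.ip_network("40.40.40.0/24")


def _remap(addr, src_net, dst_net):
    """Swap the network prefix and keep the host bits (the mapping is 1:1)."""
    host_bits = int(addr) & int(src_net.hostmask)
    return ipaddress.ip_address(int(dst_net.network_address) | host_bits)


def translate(src, dst, arrived_on):
    """Return (src, dst) after NAT for a packet arriving on an
    'inside' or 'outside' interface (hypothetical helper).

    The mapping is static, so it applies to the first packet of a flow
    in either direction, not only to return traffic.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if arrived_on == "inside":
        # inside -> outside: rewrite the source, whatever the destination is
        if src in INSIDE_LOCAL:
            src = _remap(src, INSIDE_LOCAL, INSIDE_GLOBAL)
    elif arrived_on == "outside":
        # outside -> inside: rewrite a destination in the inside global range
        if dst in INSIDE_GLOBAL:
            dst = _remap(dst, INSIDE_GLOBAL, INSIDE_LOCAL)
    else:
        raise ValueError("arrived_on must be 'inside' or 'outside'")
    return str(src), str(dst)


if __name__ == "__main__":
    # Constructed sample packets: (source, destination, ingress interface role)
    samples = [
        ("30.30.30.7", "50.50.50.9", "inside"),     # source NAT, any destination
        ("50.50.50.9", "40.40.40.7", "outside"),    # reply to the flow above
        ("20.20.20.99", "40.40.40.200", "outside"), # new connection from outside
        ("10.10.10.5", "50.50.50.9", "inside"),     # source not in 30.30.30.0/24
    ]
    for src, dst, role in samples:
        new_src, new_dst = translate(src, dst, role)
        print(f"{role:8} {src} -> {dst}  becomes  {new_src} -> {new_dst}")
```

Because the static mapping also applies to connections started from the outside, every 30.30.30.x host is reachable at its 40.40.40.x address unless an ACL or firewall filters that traffic.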
01-19-2009 09:28 AM
Please refer
Seems like there is a lack of clarity on this topic across the board.
01-19-2009 11:00 AM
There's no confusion across the board. You are the only one who is confused.
What Jon explained to you in detail is exactly what the book explained. The only difference is that Jon took the example to its logical conclusion by telling you what happens when the traffic returns to the source. I did the same for you.
Anyway, it's obvious. How could the source host ever receive return traffic from the destination if the NAT appliance doesn't perform a "reverse" NAT and replace the NAT address with the host's real address?
01-19-2009 11:35 AM
Please note, we are not discussing the 'return' traffic to the source here. Rather the issue is about connections originated from other than the source i.e. other networks connecting to the (inside source) as destination or NAT'ed subnet.
Thanks for your help.