
NAT Query

cisco_lite
Level 1

In the below configuration, I would like to know whether the NAT only takes place for connections initiated from 30.x network on the inside to 40.x network on the outside OR even the other way round i.e. for connections originated from 40.x network to 30.x network.

    interface GigabitEthernet0/0
     ip address 20.20.20.1 255.255.255.0
     ip nat outside

    interface Serial0/0/0
     ip address 10.10.10.1 255.255.255.0
     ip nat inside

    ip nat inside source static network 30.30.30.0 40.40.40.0 /24

7 Replies 7

Edison Ortiz
Hall of Fame

ip nat inside source static network 30.30.30.0 40.40.40.0 /24

This command will translate source subnet 30.30.30.0/24 to 40.40.40.0/24 regardless of the destination subnet.

HTH,

__

Edison.

Thank you. One more clarification.

Will the destination subnet of 40.40.40.0/24 be NAT'ed to 30.30.30.0/24 for connections from the outside (i.e. GigabitEthernet) with this configuration?

If not, then what would be the configuration to achieve it?

Regards.

Instead of destination subnet, I will use the term NAT'd subnet.

The NAT'd subnet will be the representation of the internal subnet for devices facing the outside interface. With that said, connections made from the outside towards 40.40.40.0/24 will be translated to 30.30.30.0/24 in the inside as the router keeps a NAT table for reference.

HTH,

__

Edison.
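
The behaviour described in this answer, as an added example that is not part of the original thread: a simplified Python model of the static network mapping from the question's command, showing that it applies to outside-initiated connections as well as inside-initiated ones. The function names are hypothetical, and addresses outside the two /24 networks are constructed samples.

```python
import ipaddress

# Mapping taken from the command in the question:
#   ip nat inside source static network 30.30.30.0 40.40.40.0 /24
INSIDE_LOCAL = ipaddress.ip_network("30.30.30.0/24")
INSIDE_GLOBAL = ipaddress.ip_network("40.40.40.0/24")


def remap(addr, from_net, to_net):
    """Swap the network prefix and keep the host bits (one-to-one mapping)."""
    ip = ipaddress.ip_address(addr)
    if ip not in from_net:
        return addr  # no static entry covers this address: left untouched
    host_bits = int(ip) & int(from_net.hostmask)
    return str(ipaddress.ip_address(int(to_net.network_address) | host_bits))


def inside_to_outside(src, dst):
    """Packet arriving on the 'ip nat inside' interface: the source is
    rewritten, whatever the destination is."""
    return remap(src, INSIDE_LOCAL, INSIDE_GLOBAL), dst


def outside_to_inside(src, dst):
    """Packet arriving on the 'ip nat outside' interface: the destination is
    rewritten. The entry is static, so no earlier inside-initiated packet
    is needed for the lookup to succeed."""
    return src, remap(dst, INSIDE_GLOBAL, INSIDE_LOCAL)


if __name__ == "__main__":
    # Constructed sample flows (50.50.50.9 and 60.60.60.1 are made up).
    print(inside_to_outside("30.30.30.7", "50.50.50.9"))    # inside host initiates
    print(outside_to_inside("50.50.50.9", "40.40.40.7"))    # outside host initiates
    print(outside_to_inside("20.20.20.2", "40.40.40.200"))  # host bits preserved
    print(outside_to_inside("50.50.50.9", "60.60.60.1"))    # not covered by the mapping
```

Because the mapping also works for connections initiated from the outside, every host in 30.30.30.0/24 is reachable through its 40.40.40.x address unless an access list or firewall policy restricts it.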

Hi:

It seems as though you are a bit confused -- or maybe I'm just misinterpreting your question.

The 40.x network, as you present it in the command configuration line, is not the destination network. This is not the network that a packet that was generated by a device on the 30.x network is destined for. In other words, this command is not saying "if you come from the 30.x network and are headed for the 40.x network, you will get NATed to some 3rd address block."

The command line is saying that hosts on the 30.x network will be source NATed to an address on the 40.x network. The packet may be destined for the 50.x network, or any other network. Its destination has no bearing on whether the user's source address will be NATed or not -- at least not in this command configuration line.

And the answer to your question is yes, of course, the packet will be reverse NATed after the outside NAT interface receives a response from the destination. The NAT appliance will look at the destination address of the packet it receives, check its NAT table and replace the inside global address on the 40.x network with the inside local address on the 30.x network.

HTH

Victor

There's no confusion across the board. You are the only one who is confused.

What Jon explained to you in detail is exactly what the book explained. The only difference is that Jon took the example to its logical conclusion by telling you what happens when the traffic returns to the source. I did the same for you.

Anyway, it's obvious. How could the source host ever receive return traffic from the destination if the NAT appliance doesn't perform a "reverse" NAT and replace the NAT address with the host's real address?

Please note, we are not discussing the 'return' traffic to the source here. Rather the issue is about connections originated from other than the source i.e. other networks connecting to the (inside source) as destination or NAT'ed subnet.

Thanks for your help.
