Direction of NAT from Destination to Source

Answered Question
Jul 29th, 2013

Hi Everyone,


When on ASDM we have this under

Original Packet

Source  Inside_hosts

Destination  Outside_hosts

Then we have

Translated Packet with

Source  Inside_hosts_natted

Destination  Outside_hosts_natted

So NAT is bidirectional, and when the packet comes back from Destination to Source, then the Source IP, which is the Destination Real source, will be Outside_hosts_natted?

We can also write this in the format below

Inside_hosts  Inside_hosts_natted  Outside_hosts  Outside_hosts_natted

which is equal to

inside local  inside global  outside global  outside local?

Regards

Mahesh

Correct Answer
Jouni Forss Mon, 07/29/2013 - 18:40

Hi Mahesh,

It depends on the actual configuration.

If it's a Dynamic NAT or Dynamic PAT then it is not bidirectional because destination hosts cannot initiate connections towards the source hosts in the NAT configuration.

If it's a Static NAT / Static PAT / Identity NAT / NAT0 configuration then it's naturally bidirectional in the sense that both source and destination can initiate the connection.

Though in the case of Dynamic type of NAT/PAT, naturally the return traffic will flow from the destination back to the source using this same translation. So in that sense it is bidirectional BUT connections can't be initiated from the destination networks defined in the NAT configuration.

Though I would imagine there are some exceptions to this depending on how the ACLs are configured and what kind of translations are active before the destination network attempts to open a connection. Some existing translation together with the destination interface ACL might make it possible for some connectivity. But in a normal situation it wouldn't really be bidirectional.

- Jouni
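A simplified model of the behaviour described in the answer above, added here as an illustration; it is not code from the thread or from Cisco. The class `TwiceNat`, the function `demo` and all addresses are constructed for the example, and the model assumes the interface ACL permits the traffic and ignores the firewall's connection table.

```python
from dataclasses import dataclass, field

# Constructed sample addresses (RFC 5737 documentation ranges), one host per object.
INSIDE_HOSTS, INSIDE_HOSTS_NATTED = "192.0.2.10", "198.51.100.10"
OUTSIDE_HOSTS, OUTSIDE_HOSTS_NATTED = "192.0.2.200", "203.0.113.200"

@dataclass
class TwiceNat:
    """One rule: source is static or dynamic PAT, destination is static."""
    source_type: str                            # "static" or "dynamic_pat"
    xlates: dict = field(default_factory=dict)  # mapped port -> real inside port
    next_port: int = 1024

    def from_inside(self, src, sport, dst, dport):
        """Inside host initiates; returns the packet as seen on the outside."""
        if (src, dst) != (INSIDE_HOSTS, OUTSIDE_HOSTS):
            return None                         # rule does not match
        if self.source_type == "dynamic_pat":
            # The translation only comes into existence with inside traffic.
            mapped_port, self.next_port = self.next_port, self.next_port + 1
            self.xlates[mapped_port] = sport
        else:
            mapped_port = sport                 # static: permanent 1:1 mapping
        return (INSIDE_HOSTS_NATTED, mapped_port, OUTSIDE_HOSTS_NATTED, dport)

    def from_outside(self, src, sport, dst, dport):
        """Packet arriving from outside; returns it as delivered inside."""
        if (src, dst) != (OUTSIDE_HOSTS_NATTED, INSIDE_HOSTS_NATTED):
            return None
        if self.source_type == "dynamic_pat":
            if dport not in self.xlates:
                return None                     # no existing translation: dropped
            dport = self.xlates[dport]
        return (OUTSIDE_HOSTS, sport, INSIDE_HOSTS, dport)

def demo(source_type):
    """Unsolicited inbound attempt first, then an outbound flow and its reply."""
    nat = TwiceNat(source_type)
    unsolicited = nat.from_outside(OUTSIDE_HOSTS_NATTED, 40000,
                                   INSIDE_HOSTS_NATTED, 443)
    out = nat.from_inside(INSIDE_HOSTS, 50000, OUTSIDE_HOSTS, 80)
    reply = nat.from_outside(out[2], out[3], out[0], out[1])
    return unsolicited, out, reply

if __name__ == "__main__":
    for kind in ("static", "dynamic_pat"):
        print(kind, demo(kind))
```

In both cases the reply reaches the inside host with its source rewritten back to `OUTSIDE_HOSTS`; only the static rule lets the outside host open the connection first.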

mahesh18 Mon, 07/29/2013 - 19:00

Hi Jouni,

You explained everything very well.

Got it now.

Best regards

Mahesh
