Community Member

Direction of NAT from Destination to Source

Hi Everyone,

When on ASDM we have this under

Original Packet

Source Inside_hosts

Destination Outside_hosts

Then we have

Translated Packet with

Source Inside_hosts_natted

Destination Outside_hosts_natted

So NAT is bidirectional, and when the packet comes back from Destination to Source, then the Source IP, which is Destination Real source, will be

Outside_hosts_natted?

We can also write this in the format below

inside_hosts  inside_hosts_natted  Outside_hosts  Outside_hosts_natted

which is equal to

inside local  inside global  outside global  outside local?

Regards

Mahesh

1 ACCEPTED SOLUTION

Accepted Solutions
Super Bronze

Re: Direction of NAT from Destination to Source

Hi Mahesh,

It depends on the actual configuration.

If it's a Dynamic NAT or Dynamic PAT then it is not bidirectional, because destination hosts cannot initiate connections towards the source hosts in the NAT configuration.

If it's a Static NAT / Static PAT / Identity NAT / NAT0 configuration then it's naturally bidirectional in the sense that both source and destination can initiate the connection.

Though in the case of a Dynamic type of NAT/PAT, naturally the return traffic will flow from the destination back to the source using this same translation. So in that sense it is bidirectional, BUT connections can't be initiated from the destination networks defined in the NAT configuration.

Though I would imagine there are some exceptions to this, depending on how the ACLs are configured and what kind of translations are active before the destination network attempts to open a connection. Some existing translation together with the destination interface ACL might make it possible for some connectivity. But in a normal situation it wouldn't really be bidirectional.

- Jouni
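
The static versus dynamic distinction from the answer above, written as ASA 8.3+ twice NAT CLI. This is an added example, not part of the original thread: the object names come from the question, while every address and the `Inside_hosts_pat` object are constructed for illustration.

```cisco
! Constructed example: all addresses are documentation ranges, not from the thread.
object network Inside_hosts
 subnet 10.10.10.0 255.255.255.0
object network Inside_hosts_natted
 subnet 192.0.2.0 255.255.255.0
object network Outside_hosts
 subnet 198.51.100.0 255.255.255.0
object network Outside_hosts_natted
 subnet 203.0.113.0 255.255.255.0
! Hypothetical single mapped address used only by the dynamic PAT variant.
object network Inside_hosts_pat
 host 192.0.2.254
!
! Variant A, static twice NAT: a fixed one-to-one mapping in both directions.
! Hosts behind "outside" can open new connections to Inside_hosts_natted;
! whether they succeed is then decided by the outside interface ACL.
nat (inside,outside) source static Inside_hosts Inside_hosts_natted destination static Outside_hosts Outside_hosts_natted
!
! Variant B, dynamic PAT for the source (use instead of A, not together):
! a translation exists only after an inside host opens a connection, and
! return traffic of that connection is translated back to the inside host.
nat (inside,outside) source dynamic Inside_hosts Inside_hosts_pat destination static Outside_hosts Outside_hosts_natted
!
! Checks, run from privileged EXEC mode rather than configuration mode:
show nat detail
show xlate
! Simulate a new connection initiated from the outside toward a mapped inside
! address, and compare the UN-NAT phase of the trace under each variant.
packet-tracer input outside tcp 203.0.113.10 40000 192.0.2.10 443
```

With a static rule in place, the outside interface ACL deserves the same review as any other inbound exposure, since the translation itself no longer prevents outside hosts from initiating sessions.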

2 REPLIES
Community Member

Direction of NAT from Destination to Source

Hi Jouni,

You explained everything very well.

Got it now.

Best regards

Mahesh
