Cisco Support Community

Packets are not routed properly between NAT inside and outside networks due to order of operation

Core Issue

When Network Address Translation (NAT) is configured on a router, the packets forwarded between the inside and outside interfaces that match the specified criteria are translated by the NAT router. The order of routing and address translation differs based on the direction of the traffic flow. The most common reason for routing failures when NAT is configured is that the router has insufficient or missing information at the step in this order of operation where it needs it.

For packets traveling from the inside to the outside network, the router routes the packet before translating it. The router needs a route for the destination address of the packet that arrives on the inside interface. Otherwise, the packet is dropped. The address is then translated if the packet is forwarded out of the outside interface and matches the specified criteria. The translation is done based on an existing entry in the NAT table, or a new entry is created, depending on whether NAT is configured statically or dynamically.

For packets traveling from the outside to the inside network, the NAT router translates the address and then routes the packet. The router checks the NAT table to decide whether the packet will be translated. Then it checks the routing table for a route to the destination address in the packet, and packets are again dropped if there is no route available.
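The two orderings described above, as a simplified model (an added example, not Cisco code). It covers static entries only; the interface names, the NAT entry and the routes are constructed sample data.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match; returns the egress interface or None (no route)."""
    addr = ipaddress.ip_address(dst)
    hits = [(net, ifc) for net, ifc in routes.items() if addr in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: ipaddress.ip_network(h[0]).prefixlen)[1] if hits else None

def forward(pkt, in_side, routes, nat, sides):
    """Model the order of operation for one packet.

    pkt   -- (src, dst) as strings
    nat   -- inside local -> inside global (static entries, constructed)
    sides -- interface name -> "inside" / "outside"
    Returns (verdict, (src, dst) as the packet looks after processing).
    """
    src, dst = pkt
    if in_side == "inside":
        # Inside -> outside: route first, on the untranslated destination.
        egress = lookup(routes, dst)
        if egress is None:
            return "drop: no route", (src, dst)
        # Translate afterwards, only if leaving via an outside interface and matching.
        if sides[egress] == "outside" and src in nat:
            src = nat[src]
        return "forward via " + egress, (src, dst)
    # Outside -> inside: translate first (inside global -> inside local) ...
    to_local = {g: l for l, g in nat.items()}
    dst = to_local.get(dst, dst)
    # ... then route on the destination address now in the packet.
    egress = lookup(routes, dst)
    if egress is None:
        return "drop: no route", (src, dst)
    return "forward via " + egress, (src, dst)

# Constructed sample data (documentation address ranges, hypothetical interface names).
SIDES = {"Gi0/0": "inside", "Gi0/1": "outside"}
NAT = {"10.1.1.10": "192.0.2.10"}
ROUTES = {"10.1.1.0/24": "Gi0/0", "198.51.100.0/24": "Gi0/1"}

if __name__ == "__main__":
    print(forward(("10.1.1.10", "198.51.100.5"), "inside", ROUTES, NAT, SIDES))
    print(forward(("10.1.1.10", "203.0.113.9"), "inside", ROUTES, NAT, SIDES))
    print(forward(("198.51.100.5", "192.0.2.10"), "outside", ROUTES, NAT, SIDES))
    no_inside = {"198.51.100.0/24": "Gi0/1"}  # NAT entry exists, inside route missing
    print(forward(("198.51.100.5", "192.0.2.10"), "outside", no_inside, NAT, SIDES))
```

The last call shows the failure case from the outside: the NAT entry matches and the destination is rewritten to the inside local address, but the packet is still dropped because the routing table has no route to that translated address.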

Resolution

To determine if a route is available for the destination address, issue the show ip route command from privileged EXEC mode. If there is no route available, configure either a static route or a routing protocol so that the router learns the destination network through the correct interface.

If you rely on a default route (the 0.0.0.0/0 network), issue the ip classless command in global configuration mode. This command is necessary for routing packets to unknown subnets of a major network whose other subnets exist in the routing table.

To determine if there is a translation entry available for a particular address and view the NAT table, issue the show ip nat translations command.

For a sample case and more information on the operation order with other features configured on a NAT interface, refer to NAT Order of Operation.

For more information on NAT, refer to How NAT Works and Configuring Network Address Translation: Getting Started.

Version history: revision 1 of 1, last update 06-22-2009 06:05 PM