
NAT - A simple but yet unanswered question 12 months on.... :))

kfarrington
Level 3

Hello again, have not been on here for a while. Letting my brain re-juice after the 350-001 exam.

Anyway, NAT.

The statement from all documentation is "In order for NAT to take place, a packet must be switched from a NAT "inside" defined interface to a NAT "outside" defined interface or vice-versa. "

but -

When does the router actually do the NAT translation? If it does the translation before it does the routing (like on the outside-to-Inside order of operation), how does it know that the packet is heading for a NAT enabled interface?

I have never got an answer to this simple question and am wondering if you guys can help explain the process.

Hope Celtic win tonight in Spain ;)

Bye.


olorunloba
Level 5

Hi, :)

This is fine and I have seen this documentation, but there is one key element missing. There must be a router table held in memory to say that when (say an initial packet from outside to inside) the packet arrives, it participates in NAT as it has not yet got to the inside interface and the statement quite clearly says, "In order for NAT to take place, a packet must be switched from a NAT "inside" defined interface to a NAT "outside" defined interface or vice-versa."

This is a fundamental point and I need to understand this.

Anyone from the NAT team in Cisco pleeeeaaassee!!!!!!

Many thx indeed.

Ken

Your concern is with a packet entering an outside interface, and how the router knows whether or not the packet is destined for an inside interface.

The router will look at the destination address. If this destination is in the NAT translation table, it will be translated, then routed to the appropriate inside interface. If it is not in the NAT translation table, it will be routed without any translation.

HTH

Mark

Hi,

When does the router actually do the NAT operation?

That depends on the direction of traffic. When traffic goes from inside to outside, as the statement says, the packet has to be first routed (switched), for which the router consults the routing table. Once it's routed to the destination interface, it checks whether the interface is configured for NAT outside. If yes, it checks for an entry in the translation table and if an entry exists, uses that same translation, and if one doesn't exist, then it uses one of the IP address/PORT combination, depending on NAT/PAT.

When the traffic comes from outside to inside, the traffic coming back is checked against the translation table, and if a matching entry exists, it first translates back the destination address of the packet to the Local address space, and then it consults the routing table for routing the packet.

Your question: "how does it know that the packet is heading for a NAT enabled interface". It doesn't need to know which NAT enabled interface the packet is headed for, because the router first does a translation of the destination IP address of the packet into an address from the Inside Local IP address space, and then routes the packet using the Local IP address space as destination.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus
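
The order of operations described in the two replies above, as a small Python model added here (not code from the thread or from Cisco, and not IOS itself). The interface names, prefixes and the single static mapping are constructed for illustration.

```python
import ipaddress

# Constructed topology (assumption): e0 is NAT inside, s0 is NAT outside,
# e1 has no NAT role at all.
NAT_ROLE = {"e0": "inside", "e1": None, "s0": "outside"}
ROUTES = [("10.1.1.0/24", "e0"), ("10.2.2.0/24", "e1"), ("0.0.0.0/0", "s0")]
# Static translation table: inside local -> inside global (constructed values).
STATIC = {"10.1.1.10": "203.0.113.10"}
REVERSE = {glob: local for local, glob in STATIC.items()}

def route(dst):
    """Longest-prefix match; returns the egress interface name."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), ifname) for p, ifname in ROUTES]
    matches = [n for n in nets if addr in n[0]]
    return max(matches, key=lambda n: n[0].prefixlen)[1]

def forward(in_if, src, dst):
    """Return (egress_if, src, dst, steps) in the order the replies describe."""
    steps = []
    if NAT_ROLE[in_if] == "outside":
        # Outside-to-inside: the destination is looked up in the translation
        # table first; routing then uses the translated (local) address.
        if dst in REVERSE:
            dst = REVERSE[dst]
            steps.append("translate")
        out_if = route(dst)
        steps.append("route")
    else:
        # Inside-to-outside: route first, then translate the source only if
        # the packet crosses from a NAT inside to a NAT outside interface.
        out_if = route(dst)
        steps.append("route")
        crosses = NAT_ROLE[in_if] == "inside" and NAT_ROLE[out_if] == "outside"
        if crosses and src in STATIC:
            src = STATIC[src]
            steps.append("translate")
    return out_if, src, dst, steps

if __name__ == "__main__":
    print(forward("e0", "10.1.1.10", "198.51.100.5"))   # inside -> outside
    print(forward("s0", "198.51.100.5", "203.0.113.10"))  # outside -> inside
    print(forward("s0", "198.51.100.5", "10.2.2.2"))    # no table entry
```

In this model a packet arriving on the outside interface is never checked against its egress interface before translation; the translation table entry alone decides, and the routing lookup runs on the already translated destination.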

umm. but what if the outside device starts the connection

and you use the ip nat outside source static command

we are translating the SIP for a packet coming outside-to-inside

Surely, the documentation is not quite right, as it would HAVE to route before it translated to ensure that the interface is NAT enabled.

Remember, in the scenario, we are only interested in SIP translation from outside-to-inside -- so the destination IP address may be to 1.1.1.1 (out of e0-nat enabled) or 2.2.2.2 (out of e1-no NAT enabled)

ip nat outside source

translates the source of the IP packets that are traveling outside to inside

translates the destination of the IP packets that are traveling inside to outside

ip nat inside source

translates the source of IP packets that are traveling inside to outside

translates the destination of the IP packets that are traveling outside to inside
