05-21-2003 08:55 AM - edited 03-02-2019 07:31 AM
Hello again, Have not been on here for a while. letting my brain re-juice after the 350-001 exam.
Anyway, NAT.
The statement from all documentation is "In order for NAT to take place, a packet must be switched from a NAT "inside" defined interface to a NAT "outside" defined interface or vice-versa. "
but -
When does the router actually do the NAT translation? If it does the translation before it does the routing (like on the outside-to-Inside order of operation), how does it know that the packet is heading for a NAT enabled interface?
I have never got an awnser to this simple question and am wondering if you guys, can help explain the process.
Hope Celtic win tonight in Spain ;)
Bye.
05-21-2003 10:33 AM
Check the following link for NAT order of operation
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml
05-21-2003 11:10 AM
Hi, :)
This is fine and I have seen this documentation, but there is one key element missing. There must be a router table held in memory to say that when (say an initial packet from outside to inside)the packet arrives, it participates in NAT as it has not yet got to the inside interface and the statement quite clearly says, "In order for NAT to take place, a packet must be switched from a NAT "inside" defined interface to a NAT "outside" defined interface or vice-versa. "
This is a fundemental point and I need to understand this.
Anyone from the NAT team in Cisco pleeeeaaassee!!!!!!
Many thx indeed.
Ken
05-21-2003 12:48 PM
Your concern is with a packet entering an outside interface, and how the router knows whether or not the packet is destined for an inside interface.
The router will look at the destination address. If this destination is in the NAT translation table, it will be translated, then routed to the appropriate inside interface. If it is not in the NAT translation table, it will be routed without any translation.
HTH
Mark
05-21-2003 01:24 PM
Hi,
When does the router actually do the NAT operation ?
That depends on direction of traffic. When traffic goes from inside to outside, as the statement says, the packet has to be first routed(switched), for which the router consults the routing table. Once its routed to the destination interface, it check whether the interface is configured for NAT outside. If yes it checks for an entry in the translation table and if an entry exists, uses that same translation, and if one doesnt exist, then it uses one of the IP address/PORT combination, depending on NAT/PAT.
When the traffic comes from outside to inside, the traffic coming back is checked against the translation table, and if a matching entry exists, it first Translates back the destination address of the packet to the Local address space, and then it consults the routing table for routing the packet.
Your question "how does it know that the packet is heading for a NAT enabled interface" It doesnt need to know which NAT enabled interface, the packet is headed for because, The router first does a translation of the destination ip address of the packet, into an address from the Inside Local IP address space, and then routes the packet using the Local IP address space as destination.
05-21-2003 11:08 PM
umm. but what if the outside device starts the connection
and you use the ip nat outside source static command
we are translating the SIP for a packet coming outside-to-inside
Surely, the documentation is not quite right, as it would HAVE to route before it translated to ensure that the interface is NAT enabled.
Remember, in the scenario, we are only interested in SIP translation from outside-to-inside -- so the destination IP address may be to 1.1.1.1 (out of e0-nat enabled) or 2.2.2.2 (out of e1-no NAT enabled)
ip nat outside source
translates the source of the IP packets that are traveling outside to inside
translates the destination of the IP packets that are traveling inside to outside
ip nat inside source
translates the source of IP packets that are traveling inside to outside
translates the destination of the IP packets that are traveling outside to inside
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: