Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
323
Views
0
Helpful
2
Replies

NAT Confussion

eric.owens
Level 1
Level 1

‎09-09-2003 09:58 AM - edited ‎03-02-2019 10:13 AM

I am hoping that someone can clear up some confusion for me, as I am trying to learn NAT and am confused by the Cisco documentation surrounding it. In the NAT overview, it states that bi-directional translation is accomplished via the use of both inside and outside source. Yet the getting started guide says to configure inside and outside interfaces. Please consider the below configs (both addresses in the source statement are in the same network--it would be difficult and time consuming to explain the 'why' for this 'solution'):

r1

!

ip nat inside source static x.x.y.55 x.x.y.155

!ip nat inside source static x.x.y.56 x.x.y.155 (this will be used for failover)

!

interface ethernet 0/1

ip address x.x.y.11

ip nat inside

standby 2 ip x.x.y.10

!

!

interface Serial2/0

ip nat outside

!

interface Serial2/5

ip nat outside

r2

!

ip nat inside source static x.x.y.55 x.x.y.155

!ip nat inside source static x.x.y.56 x.x.y.155 (this will be used for failover)

!

interface ethernet 0/1

ip address x.x.y.12

ip nat inside

standby 2 ip x.x.y.10

!

!

interface BRI2/0

ip nat outside

!

interface Serial2/5

ip nat outside

Since I do not want bi-directional traffic, shouldn't I be removing the 'ip nat outside' statements?

Thanks,

Eric

Labels:
0 Helpful
2 Replies 2

t-evens
Level 1
Level 1

‎09-09-2003 10:39 AM

Eric,

No...

Based one your configs, it would lead me to believe that you are trying to create a virtual ip address and provide failover (manual) between routers and hosts. If NAT doesn't work out for you, you may want to look into IOS SLB.

To clear up the inside/outside terms. The router performs NAT ONLY when traffic is coming from the [inside] interface going to the [outside] interface and visa versa. Thus, for NAT to work, you must have both an inside (ingress) and an outside (egress)interface. Traffic must flow from one to the other for the router to perform NAT. Thus, two inside interfaces passing traffic will not perform NAT, likewise for two or more outside interfaces.

I'm not sure of your intentions with your NAT config, but I can tell you based on your config that x.x.y.55 will be known to the outside interfaces (serials and bri) as x.x.y.155. This means, that when x.x.y.55 passes traffic to hosts on the outside interfaces the router will translate it's source address to x.x.y.155. Likewise for outside hosts passing traffic to x.x.y.155. It is bi-directional in the sense that it dosn't matter if the traffic originates on either side.

Hope this helps.

--Tim

0 Helpful

eric.owens
Level 1
Level 1
In response to t-evens

‎09-09-2003 10:49 AM

Thanks, Tim. It does help; that light bulb string sometimes needs an extra effort...

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents