Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

NAT issues

I've been researching this and cannot find any documentation that says it should or should not happen. It doesn't seem right.

I configure NAT on a router. Identify e0 as IP NAT INSIDE and s0 as IP NAT OUTSIDE. When I ping from the ethernet the source is translated going out s0. Thats fine. The problem is that translation also takes place if I ping out the serial from the serial's address, a loopback in the NAT router or any other interface on the router whether its marked inside or outside or nothing at all. The way I read the config guides NAT should only happen if the traffic enters an INSIDE interface. I know I can eliminate the excess NATing with an access list but is this working correctly? Is this documented anywhere? And finally, is there a simple command to tell it not to NAT connected interfaces?


Re: NAT issues

Never encountered the issue. What puzzles me is how you select interesting traffic for NAT. As far as I know you can limit what gets NATted by defining an access-list that covers just the desired range. I have used this a lot and it works. My preliminary conclusion is that you might have an access-list that matches all traffic.




Re: NAT issues

Yes I do. My problem is that I think that access list should only be applied to traffic that come in an interface defined as IP NAT INSIDE. Its acting like the router is considered inside, even the interface defined as OUTSIDE.


Re: NAT issues

NAT operation is not defined between "unlabeled" and "labeled" (Inside or outside) interfaces. Whether or not NAT will occur will depend upon the IOS release, the direction of traffic, whether other traffic has been NATted, and who knows what else. I have also run into IOS releases where anything going through an outside interface may be NATted, regardless of what other interfaces are involved. A royal pain!

As a postscript for lurkers, yes, this behavior is mentioned, albeit in passing, in chapter 11 of my book.

Vincent C Jones

CreatePlease to create content