New Member

Confused About NAT Commands

Can anyone please explain the difference between the two NAT commands 'ip nat outside source' and 'ip nat inside destination'? As I understand it, the former command changes an outside address to a different address on the inside network to avoid confusion in the case where the inside network is using an address already allocated to some outside host, e.g. somebody is using Cisco's IP address 170.1.1.1 on their internal network.

Is the second command 'ip nat inside destination' just another way of doing the same thing to work around this ambiguity problem? I know it is translating the destination address, but isn't this achieved by the first command 'ip nat outside source'? Surely the NAT translation is a two-way process?

5 REPLIES
Blue

Re: Confused About NAT Commands

Ross,

Destination NAT is essentially server load balancing, distributing connections between multiple inside addresses.

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a0080091cb9.shtml

Destination Address Rotary Translation

A dynamic form of destination translation can be configured for some outside-to-inside traffic. Once a mapping is set up, a destination address matching one of those on an access list will be replaced with an address from a rotary pool. Allocation is done in a round-robin basis, performed only when a new connection is opened from the outside to the inside. All non-TCP traffic is passed untranslated (unless other translations are in effect).

This feature was designed to provide protocol translation load distribution. It is not designed nor intended to be used as a substitute technology for Cisco's LocalDirector product. Destination address rotary translation should not be used to provide web service load balancing because, like vanilla DNS, it knows nothing about service availability. As a result, if a web server were to become offline, the destination address rotary translation feature would continue to send requests to the downed server.

Please rate helpful posts.

Dave

New Member

Re: Confused About NAT Commands

Can you provide an example to make it more clear?

New Member

Re: Confused About NAT Commands

Thanks for the information. I see that the command 'ip nat inside destination' is not concerned with internet addresses, but with TCP Load Balancing. I have checked the white paper you referred to, and also the document 'Cisco IOS IP Addressing Services Config Guide, Rel 12.4' (pg's 349-), but I'm not quite sure I understand what is going on here. I see that traffic from the outside destined for a virtual host on the inside is distributed on a round-robin basis amongst a pool of real hosts, but I cannot see the purpose of this. Surely each inside host is only interested in its own traffic? Under what circumstances is this approach used?

Blue

Re: Confused About NAT Commands

You could use this to load balance traffic to a group of servers with the same Web content. New connections would be evenly distributed to all the servers in the pool. The problem with this is that there is no intelligence that detects the readiness of a server in the pool. If one of the servers is turned off the NAT will still translate connections to that address, and those will fail. For this reason it is very rare to see destination NAT used in the real world.

Cisco sells many server load balancing products (CSS-115XX, LocalDirector) that do send keepalives to each server and drop them from the pool when they are not functioning. Other features like stickiness and SSL termination are also provided.

Please rate helpful posts.

Dave
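The two commands discussed in this thread, side by side, as an added example that is not part of any post above. Interface names, the pool name REAL-HOSTS, the 10.1.1.x, 192.0.2.x and 198.51.100.x addresses and access list 2 are constructed for illustration; 170.1.1.1 is the overlapping address from the original question.

```cisco
! Constructed topology: inside LAN 10.1.1.0/24, outside link 192.0.2.0/24
interface GigabitEthernet0/0
 ip address 10.1.1.254 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1
 ip address 192.0.2.1 255.255.255.0
 ip nat outside
!
! --- ip nat inside destination: rotary (round-robin) destination translation ---
! Real hosts 10.1.1.1-10.1.1.3 sit behind the virtual host 10.1.1.127.
! Each NEW TCP connection from the outside to 10.1.1.127 has its destination
! rewritten to the next address in the pool. Non-TCP traffic is not translated.
! No keepalives are sent: a powered-off real host keeps receiving its share.
ip nat pool REAL-HOSTS 10.1.1.1 10.1.1.3 prefix-length 24 type rotary
access-list 2 permit 10.1.1.127
ip nat inside destination list 2 pool REAL-HOSTS
!
! --- ip nat outside source: overlapping-address translation ---
! The outside host 170.1.1.1 collides with an address in use on the inside,
! so inside hosts see it as 198.51.100.10 instead (constructed alias).
! Syntax: ip nat outside source static <outside-global> <outside-local>
! The router also needs a route for 198.51.100.10 pointing out the outside
! interface, because inside-to-outside packets are routed before translation.
ip nat outside source static 170.1.1.1 198.51.100.10
```

On a lab router, `show ip nat translations` lists the entries each command creates, which makes the difference visible: the rotary pool produces one entry per new inbound TCP connection, while the static outside source mapping is always present.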

New Member

Re: Confused About NAT Commands

Thanks for info, this has cleared up the confusion.
