[c-nsp] Still confused by Cisco's NAT syntax

Vincent De Keyzer vincent at autempspourmoi.be
Tue Jun 19 12:38:29 EDT 2007


Hello list,

after all these years, I am still not quite sure I understand Cisco's NAT
syntax.

I have read the famous "NAT Order of Operation" (CCO doc ID: 6209), and
"Configuring Network Address Translation: Getting Started" (CCO doc ID:
13772) documents, and I have two questions.

Let's first look at "inside-to-outside" translation. My understanding is the
following:

1. If packet arrives on an interface marked as "inside"
2. AND route for packet destination address is known via an interface
   marked as "outside"
3. THEN translate source address

So in this case, NAT is triggered by a combination of "arriving on inside"
and "departing on outside".

My first question is: is my understanding of "inside-to-outside NAT"
correct?

Then comes "outside-to-inside" translation. Things get trickier.

Cisco says that first comes NAT, then comes routing. This is confusing (and
this is my second question): since the router does not know the outgoing
interface yet at the time it has to perform NAT, it does not know if the
outgoing interface is going to be "inside" or "outside". So how does it know
it is supposed to NAT? Or maybe outside-to-inside NAT is applied to ANY
packet that enters the router on an "outside" interface, whatever its
destination?... So in this case, NAT is triggered based on "arriving on
outside" only?

Vincent