[c-nsp] why to define both inside and outside interfaces when setting up nat?

h bagade bagadeh at gmail.com
Sun Aug 28 05:08:53 EDT 2011


Hi all,

I'm wondering why we should define both inside and outside interfaces to get
NAT working when we only want to run inside source NATting? In the case
of inside source NAT, only the outside interface is important for NATting; the
packets are NATted on their way outside, so there is no need to specify
inside interfaces. Is there a specific reason that both inside and outside
interfaces should be specified?

Here is an example of a NAT configuration:

interface GigabitEthernet0/0
 ip address 11.11.11.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1
 ip address 172.16.10.64 255.255.255.0
 ip nat outside
!
ip nat pool test 172.16.10.1 172.16.10.63 prefix-length 24
ip nat inside source list 7 pool test
!
access-list 7 permit 11.11.11.0 0.0.0.255
!

In this example, packets from the inside network with source addresses of
11.11.11.0 are NATted to the range (172.16.10.1-172.16.10.63) when exiting
GigabitEthernet0/1, which is the outside interface. Why should GigabitEthernet0/0
be specified as an inside interface to make NAT do its work?

Any comments are appreciated.

