[c-nsp] why to define both inside and outside interfaces when setting up nat?
Gert Doering
gert at greenie.muc.de
Sun Aug 28 05:54:00 EDT 2011
Hi,

On Sun, Aug 28, 2011 at 01:38:53PM +0430, h bagade wrote:
> I'm wondering why we should define both inside and outside interfaces to get
> nat working when we only want to run inside source natting? In the case
> of inside source nat, only the outside interface is important for natting; the
> packets are natted on their way outside so there is no need to specify
> inside interfaces. Is there a specific reason that both inside and outside
> interfaces should be specified?

You could have multiple inside and outside interfaces, and the router
needs to know when to NAT and when *not* to NAT.

> in this example, packets from inside network with source addresses of
> 11.11.11.0 are natted to the range (172.16.10.1-172.16.10.63) when exiting
> GigabitEthernet0/1 which is outside interface. why should GigabitEthernet0/0
> be specified as inside interface to make the nat do its work?

This is how IOS NAT is defined: NAT will apply when a packet traverses
from an "inside" to an "outside" interface - and this is cool, because it
gives you lots of flexibility for non-standard rules.

Unfortunately, lots of people have complained that this is too complicated
(after all, their $30-only-a-single-WAN-Interface router at home can do
it with a single click) so now we have the abomination of NVIs...

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
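
The inside-to-outside rule described in the reply above, as an added configuration sketch that is not part of the original message. The pool range, source network and the roles of GigabitEthernet0/0 and GigabitEthernet0/1 come from the question; the pool name, the netmask, all interface addresses and the third interface GigabitEthernet0/2 are assumptions made for illustration.

```cisco
! Added example, not from the original thread.
! Assumed: pool name OUT-POOL, netmask, interface addresses, and Gi0/2.
ip nat pool OUT-POOL 172.16.10.1 172.16.10.63 netmask 255.255.255.0
access-list 1 permit 11.11.11.0 0.0.0.255
ip nat inside source list 1 pool OUT-POOL
!
interface GigabitEthernet0/0
 description LAN 11.11.11.0/24 - NAT inside
 ip address 11.11.11.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1
 description upstream - NAT outside
 ip address 192.0.2.1 255.255.255.252
 ip nat outside
!
interface GigabitEthernet0/2
 description hypothetical internal link - deliberately no NAT marking
 ip address 10.0.0.1 255.255.255.0
!
! Resulting behaviour:
!   Gi0/0 -> Gi0/1  inside to outside, source matches ACL 1: translated
!   Gi0/0 -> Gi0/2  Gi0/2 is not "outside": forwarded untranslated
!   Gi0/2 -> Gi0/1  packet did not arrive on an "inside" interface
!                   (and does not match ACL 1): forwarded untranslated
```

`show ip nat translations` and `show ip nat statistics` confirm which flows were actually translated and which interfaces the router treats as inside and outside.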