[c-nsp] why to define both inside and outside interfaces when setting up nat?

John Elliot johnelliot67 at hotmail.com
Sun Aug 28 05:54:26 EDT 2011


You may have more interfaces where you do not want to nat.

> From: bagadeh at gmail.com
> Date: Sun, 28 Aug 2011 13:38:53 +0430
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] why to define both inside and outside interfaces when setting up nat?
> 
> Hi all,
> 
> I'm wondering why we should define both inside and outside interfaces to get
> nat to work when we only want to run inside source natting? In the case
> of inside source nat, only outside interface is important for natting; the
> packets are natted on their way outside so there is no need to specify
> inside interfaces. Is there a specific reason that both inside and outside
> interfaces should be specified?
> 
> Here is an example of nat configuration:
> 
> interface GigabitEthernet0/0
>  ip address 11.11.11.1 255.255.255.0
>  ip nat inside
> !
> interface GigabitEthernet0/1
>  ip address 172.16.10.64 255.255.255.0
>  ip nat outside
> !
> ip nat pool test 172.16.10.1 172.16.10.63 prefix-length 24
> ip nat inside source list 7 pool test
> !
> access-list 7 permit 11.11.11.0 0.0.0.255
> !
> 
> In this example, packets from inside network with source addresses of
> 11.11.11.0 are natted to the range (172.16.10.1-172.16.10.63) when exiting
> GigabitEthernet0/1 which is outside interface. Why should GigabitEthernet0/0
> be specified as inside interface to make the nat do its work?
> 
> Any comments are appreciated.
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
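
The point made in the reply, as an added example that is not part of the thread: a simplified Python model of the interface-pair check behind `ip nat inside source list 7 pool test`, using the addresses from the quoted configuration. `GigabitEthernet0/2` is a hypothetical third interface with no `ip nat` statement, and the packets are constructed samples.

```python
import ipaddress

# Interface roles from the quoted config. GigabitEthernet0/2 is a hypothetical
# third interface (assumption) that carries no "ip nat" statement at all.
NAT_ROLE = {
    "GigabitEthernet0/0": "inside",
    "GigabitEthernet0/1": "outside",
    "GigabitEthernet0/2": None,
}
ACL_7 = ipaddress.ip_network("11.11.11.0/24")  # access-list 7
# ip nat pool test 172.16.10.1 172.16.10.63
POOL = [ipaddress.ip_address("172.16.10.1") + i for i in range(63)]


class InsideSourceNat:
    """Simplified model of dynamic inside source NAT (no timeouts, no overload)."""

    def __init__(self):
        self.table = {}         # inside local -> inside global
        self.free = list(POOL)  # unallocated pool addresses

    def forward(self, in_if, out_if, src):
        """Return the source address the packet carries when it leaves out_if."""
        src = ipaddress.ip_address(src)
        # Translation is considered only for the inside -> outside interface pair.
        if NAT_ROLE.get(in_if) != "inside" or NAT_ROLE.get(out_if) != "outside":
            return str(src)
        # The access list then selects which inside sources are translated.
        if src not in ACL_7:
            return str(src)
        if src not in self.table:
            if not self.free:
                raise RuntimeError("NAT pool exhausted")
            self.table[src] = self.free.pop(0)
        return str(self.table[src])


def demo():
    """Constructed packets: (ingress interface, egress interface, source)."""
    nat = InsideSourceNat()
    return [
        nat.forward("GigabitEthernet0/0", "GigabitEthernet0/1", "11.11.11.10"),
        nat.forward("GigabitEthernet0/2", "GigabitEthernet0/1", "11.11.11.20"),
        nat.forward("GigabitEthernet0/0", "GigabitEthernet0/2", "11.11.11.10"),
        nat.forward("GigabitEthernet0/0", "GigabitEthernet0/1", "11.11.11.10"),
    ]


if __name__ == "__main__":
    for address in demo():
        print(address)
```

Only the first and last packets cross from an inside-marked to an outside-marked interface, so only they are translated, and both reuse the same pool address.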
 		 	   		  

