Skip navigation
Login   |   Register
Cisco Learning Home > Certifications > Routing & Switching (CCNA) > Discussions

_Communities

This Question is Answered 2 Helpful Answers available (2 pts)
79401 Views 17 Replies Latest reply: Sep 9, 2014 5:29 AM by Mihai RSS 1 2 Previous Next

Currently Being Moderated

ip nat inside VS ip nat outside

Mar 25, 2012 9:31 PM

Krishna 770 posts since
Aug 24, 2011

Hi,

 

Screenshot.jpeg

 

Please refer the attached diagram. I'm configuring NAT on Router.

 

Interface E0 is the nat inside and E1 is the nat outside ports.

 

What difference it would make if I apply ip nat inside instead of ip nat outside and vice versa?

 

Krishna

  • Vijay Swaminathan 491 posts since
    Aug 29, 2008
    Currently Being Moderated
    1. Mar 25, 2012 9:43 PM (in response to Krishna)
    Re: ip nat inside VS ip nat outside

    Krishna,

     

    Typically "ip nat inside" is configured on the interfaces in your local environment which cannot be routed to the internet(typically private rnage of IP Addresses) and  and "ip nat outside" we would configure on the interface which is connected to the internet

     

    in the above example the address on the E0 interface of the router are in the private range 10.x.x.x so it cannot be routed to the internet. if the clients have addresses in this range, then we need to translate into an address (public IP) that could be routed through the internet. so the interface that has the public IP (In this case E1) typically will have "ip nat outside " configured and any traffic from the client would have its source ip address translated from 10.x.x.x to 192.x.x.x and then goes to the internet. the ip nat inside and outside commands tells you which address have to be translsated and to which IP address it has to be is translated to . if you interchange that ,, the translation might happen but the connectivity to internet will not work.

     

    HTH

    -Vijay

    Join this discussion now: Login / Register
  • Vijay Swaminathan 491 posts since
    Aug 29, 2008
    Currently Being Moderated
    3. Mar 25, 2012 10:26 PM (in response to Krishna)
    Re: ip nat inside VS ip nat outside

    ip nat inside source static 12.1.1.1 9.9.9.1 --> this performs translation for the inbound traffic

     

     

     

    ip nat outside source static 12.1.1.1 9.9.9.1  -> Performs translation for the outbound traffic.

     

    HTH

    -Vijay

    Join this discussion now: Login / Register
  • Jitendra 80 posts since
    Apr 28, 2011
    Currently Being Moderated
    5. Mar 25, 2012 10:47 PM (in response to Vijay Swaminathan)
    Re: ip nat inside VS ip nat outside

    HI,

     

    We can define INSIDE statement on source ineterface  and and OUTSIDE interfece on the WAN/ INTERNET interface.

     

    In the above scenerio application will stop working if you do the changes.

    We can also use the change staement with the changes on interface statment configuration vice versa.

     

    Regards

    Jitendra

    Join this discussion now: Login / Register
  • Jitendra 80 posts since
    Apr 28, 2011
    Currently Being Moderated
    7. Mar 26, 2012 1:22 AM (in response to Krishna)
    Re: ip nat inside VS ip nat outside

    ip nat inside source static 12.1.1.1 9.9.9.1 : When traffic  recieve from source (12.1.1.1 ) means interface ocnfigured with nat INSIDE transalte  with 9.9.9.1

     

                     VS

     

    ip nat outside source static 12.1.1.1 9.9.9.1: When traffic  recieve from source (12.1.1.1 ) means interface ocnfigured with nat outside transalte  with 9.9.9.1.

    Join this discussion now: Login / Register
  • Daniel 239 posts since
    Jul 21, 2011
    Currently Being Moderated
    8. Mar 26, 2012 1:50 AM (in response to Krishna)
    Re: ip nat inside VS ip nat outside

    Hi Krishna,

     

    I think you will have a great understanding of NAT and difference between outside and inside if you read this:

     

    http://blog.ine.com/2008/02/15/the-inside-and-outside-of-nat/

     

    It's a bit old, but a great source!

     

    There are several tutorials/sample configurations on the cisco-page as well where as one is: http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080093f8e.shtml

     

     

    NAT is a "complicated" process if you break it down, but listen to what Jitendra said :). With NAT you define which interfaces that should be defined as "inside" and "outside" in your configuration. Then you can choose which address translates into which address with the ip nat inside/outside translation.

     

    In your case it's the difference between translating 12.1.1.1 into 9.9.9.1 on the pre-defined inside or outside interface!

     

     

    As a side note, you also use the ip nat command to do what most other vendors would call "port-forwarding" to internal hosts.

     

    HTH

    -Daniel

    Join this discussion now: Login / Register
  • Daniel 239 posts since
    Jul 21, 2011
    Currently Being Moderated
    10. Mar 27, 2012 2:03 AM (in response to Krishna)
    Re: ip nat inside VS ip nat outside

    Hi Krishna,

     

    Glad to hear that you found your answer.

     

    I know you read it but just wanted to remind you that this information text should not be ignored below that table as it confirms your "thoughts" about the difference about labeling the interfaces!

     

     

    "What the above guidelines indicate is that there is more than one way to translate a packet. Depending on your specific needs, you should determine how to define the NAT interfaces (inside or outside) and what routes the routing table should contain before or after translation. Keep in mind that the portion of the packet that will be translated depends upon the direction the packet is traveling, and how you configured NAT."

     

    -Daniel

    Join this discussion now: Login / Register
  • Diya 3 posts since
    Jun 26, 2009
    Currently Being Moderated
    11. Aug 27, 2013 12:21 PM (in response to Krishna)
    Re: ip nat inside VS ip nat outside

    Hi

     

    I have searched alot about the exact information Krishna looked for but strangly i was  not able to find any topic about it, they mostly talk about ip nat inside, anyway, after testing, i found one difference that the ip nat inside -as usual- translate the destination address of the returning traffic, but ip nat outside doesn't translate the destination address of the returning traffic, and again this is after testing

    Join this discussion now: Login / Register
  • Daniel 239 posts since
    Jul 21, 2011
    Currently Being Moderated
    12. Aug 28, 2013 5:12 AM (in response to Diya)
    Re: ip nat inside VS ip nat outside

    Hi Diya,

     

    Didn't really understood what you asked but....basically you can statically like this:

    ip nat inside source static 10.0.0.1 100.100.100.100

    ip nat outside source static 100.100.100.100 10.0.0.1

     

    The difference is which source address to translate into which address.

     

    ip nat inside source static 10.0.0.1 100.100.100.100

     

    It will translate packets with a source address of 10.0.0.1 received on the inside interface into 100.100.100.100 on the outside interface.

     

    It will also translate packets with a destination address of 100.100.100.100 received on the outside interface into 10.0.0.1 on the inside interface.

     

    ip nat outside source static 10.0.0.1 100.100.100.100

     

    It will translate packets with a source address of 10.0.0.1 received on the outside interface into 100.100.100.100 on the inside interface.

     

    It will also translate packets with a destination address of 100.100.100.100 received on the inside interface into 10.0.0.1 on the outside interface.

     

    Is that what you meant?

     

    HTH,

    Daniel

    Join this discussion now: Login / Register
  • Diya 3 posts since
    Jun 26, 2009
    Currently Being Moderated
    13. Aug 28, 2013 7:01 AM (in response to Daniel)
    Re: ip nat inside VS ip nat outside

    Hi Daniel,

     

    Thank you for your reply,  i meant ip nat OUTSIDE's behaviour is a little bit defferent

     

     

    Daniel wrote:

     

    ip nat outside source static 10.0.0.1 100.100.100.100

     

    It will translate packets with a source address of 10.0.0.1 received on the outside interface into 100.100.100.100 on the inside interface.

     

    It will also translate packets with a destination address of 100.100.100.100 received on the inside interface into 10.0.0.1 on the outside interface.

     

     

    and that is after testing, i found it in contrast with ip nat inside, it doesn't translate the destination address, please make sure.

    Join this discussion now: Login / Register
  • Daniel 239 posts since
    Jul 21, 2011
    Currently Being Moderated
    14. Aug 28, 2013 1:58 PM (in response to Diya)
    Re: ip nat inside VS ip nat outside

    Hi again,

     

    How have you tested this?

     

    The NAT-function works the same with the difference of which "interface" to translate the source address from.

     

    I ask because normally you would translate "public" source addresses with the outside command, and private source addresses with the inside command. And you can do some nasty things in a lab that wouldn't be routable in "real" networks. (mainly, you wouldn't be able to ping 10.0.0.1 if it has to be routed over internet obviously....but you can simulate 10.0.0.0/8 as the internet in a lab and make it pingable)

     

    I rarely use the outside command or see it, but i've seen it come to good use with VPN-tunnels and connections to "NAT" the source address into something else that doesn't conflict with other branches....that typically happens when many people use the same networks on their LAN's.

    Join this discussion now: Login / Register

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)