NAT: Local and Global Definitions

Similar documents
Sample Configuration Using the ip nat outside source static

Sample Configuration Using the ip nat outside source list C

Configuring Static and Dynamic NAT Simultaneously

Configuring a Gateway of Last Resort Using IP Commands

IOS NAT Load Balancing with Optimized Edge Routing for Two Internet Connections

PIX/ASA: Allow Remote Desktop Protocol Connection through the Security Appliance Configuration Example

IOS NAT Load Balancing for Two ISP Connections

Document ID: Introduction

How To Configure InterVLAN Routing on Layer 3 Switches

Syslog Server Configuration on Wireless LAN Controllers (WLCs)

Catalyst Layer 3 Switch for Wake On LAN Support Across VLANs Configuration Example

ASA 8.3 and Later: Mail (SMTP) Server Access on Inside Network Configuration Example

PIX/ASA 7.x and above: Mail (SMTP) Server Access on the DMZ Configuration Example

Table of Contents. Cisco How Does Load Balancing Work?

Table of Contents. Cisco Mapping Outbound VoIP Calls to Specific Digital Voice Ports

Cisco Secure PIX Firewall with Two Routers Configuration Example

Microsoft Windows 2003 DNS Server for Wireless LAN Controller (WLC) Discovery Configuration Example

Lab Configuring Access Policies and DMZ Settings

Unity Error Message: Your voic box is almost full

Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials.

ASA 8.3 and Later: Enable FTP/TFTP Services Configuration Example

ICS 351: Today's plan

PIX/ASA 7.x with Syslog Configuration Example

CRS 4.x: Automatic Work and Wrap up Time Configuration Example

PIX/ASA 7.x and above : Mail (SMTP) Server Access on Inside Network Configuration Example

Understanding Route Aggregation in BGP

Configuring DNS on Cisco Routers

Catalyst 6500/6000 Switches NetFlow Configuration and Troubleshooting

1 Basic Configuration of Cisco 2600 Router. Basic Configuration Cisco 2600 Router

CCProxy. Server Installation

Packet Tracer - Subnetting Scenario 1 (Instructor Version)

Table of Contents. Cisco Blocking Peer to Peer File Sharing Programs with the PIX Firewall

Unity Express Voice Mail Transfer Behavior

Configuring Cisco CallManager IP Phones to Work With IP Phone Agent

Configuration Professional: Site to Site IPsec VPN Between Two IOS Routers Configuration Example

Securing Networks with PIX and ASA

Smart Tips. Enabling WAN Load Balancing. Key Features. Network Diagram. Overview. Featured Products. WAN Failover. Enabling WAN Load Balancing Page 1

PIX/ASA 7.x: Enable FTP/TFTP Services Configuration Example

IP Addressing and Subnetting for New Users

Configure Backup Server for Cisco Unified Communications Manager

GregSowell.com. Mikrotik Basics

Database Replication Error in Cisco Unified Communication Manager

ASA 8.X: Routing SSL VPN Traffic through Tunneled Default Gateway Configuration Example

Configuring the Cisco Secure PIX Firewall with a Single Intern

Cisco Which VPN Solution is Right for You?

CCNA Discovery Networking for Homes and Small Businesses Student Packet Tracer Lab Manual

BRI to PRI Connection Using Data Over Voice

Lab Organizing CCENT Objectives by OSI Layer

Configuring Check Point VPN-1/FireWall-1 and SecuRemote Client with Avaya IP Softphone via NAT - Issue 1.0

Configuring Static and Dynamic NAT Translation

ICS 351: Today's plan. IP addresses Network Address Translation Dynamic Host Configuration Protocol Small Office / Home Office configuration

Using VDOMs to host two FortiOS instances on a single FortiGate unit

PT Activity: Configure Cisco Routers for Syslog, NTP, and SSH Operations

Network Address Translation Commands

Configuration Management: Best Practices White Paper

Lab PC Network TCP/IP Configuration

PT Activity 8.1.2: Network Discovery and Documentation Topology Diagram

Packet Tracer - Connecting a Wired and Wireless LAN Topology

How to monitor network traffic inside an ESXi host

CS 326e F2002 Lab 1. Basic Network Setup & Ethereal Time: 2 hrs

Troubleshooting Load Balancing Over Parallel Links Using Cisco Express Forwarding

Scaling the Network: Subnetting and Other Protocols. Networking CS 3470, Section 1

VMware vcloud Air Networking Guide

Enable SMTP Message Notifications in Cisco Unity Connection 8.x

CCT vs. CCENT Skill Set Comparison

Cisco Configuring Commonly Used IP ACLs

Configuring DHCP Snooping

IPv6 over MPLS VPN. Contents. Prerequisites. Document ID: Requirements

1:1 NAT in ZeroShell. Requirements. Overview. Network Setup

ACS 5.x and later: Integration with Microsoft Active Directory Configuration Example

Troubleshooting the Firewall Services Module

Table of Contents. Cisco Using the Cisco IOS Firewall to Allow Java Applets From Known Sites while Denying Others

Table of Contents. Cisco Disabling ICS when Preparing to Install or Upgrade to Cisco VPN Client 3.5.X on Microsoft Windows XP

JOB READY ASSESSMENT BLUEPRINT COMPUTER NETWORKING FUNDAMENTALS - PILOT. Test Code: 4514 Version: 01

Exercise 4 MPLS router configuration

BGP Best Path Selection Algorithm

CONNECTING THE RASPBERRY PI TO A NETWORK

vcloud Air - Virtual Private Cloud OnDemand Networking Guide

Configuring the Transparent or Routed Firewall

Cisco - Configure the 1721 Router for VLANs Using a Switch Module (WIC-4ESW)

NATed Network Testing IxChariot

IP Addressing A Simplified Tutorial

Backup Cisco ICM Database in Microsoft SQL 2000

Configuration of Cisco Routers. Mario Baldi

You can probably work with decimal. binary numbers needed by the. Working with binary numbers is time- consuming & error-prone.

Networking Test 4 Study Guide

Session Title: Exploring Packet Tracer v5.3 IP Telephony & CME. Scenario

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet

Instructor Notes for Lab 3

Quick Note 53. Ethernet to W-WAN failover with logical Ethernet interface.

Appendix D: Configuring Firewalls and Network Address Translation

Configuring EtherChannel and 802.1Q Trunking Between Catalyst L2 Fixed Configuration Switches and Catalyst Switches Running CatOS

VPNC Interoperability Profile

Lab Configuring Access Policies and DMZ Settings

Lab Characterizing Network Applications

Chapter 11 Cloud Application Development

Vocia MS-1 Network Considerations for VoIP. Vocia MS-1 and Network Port Configuration. VoIP Network Switch. Control Network Switch

Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks

Lab - Observing DNS Resolution

Evaluation guide. Vyatta Quick Evaluation Guide

Transcription:

NAT: Local and Global Definitions Document ID: 4606 Contents Introduction Prerequisites Requirements Components Used Conventions Term Definitions Examples Define Inside Local and Inside Global Addresses Define Outside Local and Outside Global Addresses Define All Local and Global Addresses Related Information Introduction This document defines and clarifies the Network Address Translation (NAT) terms of inside local, inside global, outside local, and outside global. Prerequisites Requirements There are no specific requirements for this document. Components Used This document is not restricted to specific software and hardware versions. Conventions Refer to the Cisco Technical Tips Conventions for more information on document conventions. Term Definitions Cisco defines these terms as: Inside local addressthe IP address assigned to a host on the inside network. This is the address configured as a parameter of the computer OS or received via dynamic address allocation protocols such as DHCP. The address is likely not a legitimate IP address assigned by the Network Information Center (NIC) or service provider. Inside global addressa legitimate IP address assigned by the NIC or service provider that represents one or more inside local IP addresses to the outside world. Outside local addressthe IP address of an outside host as it appears to the inside network. Not necessarily a legitimate address, it is allocated from an address space routable on the inside. Outside global addressthe IP address assigned to a host on the outside network by the host owner. The address is allocated from a globally routable address or network space.

These definitions still leave a lot to be interpreted. For this example, this document redefines these terms by first defining local address and global address. Keep in mind that the terms inside and outside are NAT definitions. Interfaces on a NAT router are defined as inside or outside with the NAT configuration commands, ip nat inside destination and ip nat outside source. Networks to which these interfaces connect can then be thought of as inside networks or outside networks, respectively. Local addressa local address is any address that appears on the inside portion of the network. Global addressa global address is any address that appears on the outside portion of the network. Packets sourced on the inside portion of the network have an inside local address as the source address and an outside local address as the destination address of the packet, while the packet resides on the inside portion of the network. When that same packet gets switched to the outside network, the source of the packet is now known as the inside global address and the destination of the packet is known as the outside global address. Conversely, when a packet is sourced on the outside portion of the network, while it is on the outside network, its source address is known as the outside global address. The destination of the packet is known as the inside global address. When the same packet gets switched to the inside network, the source address is known as the outside local address and the destination of the packet is known as the inside local address. This image provides an example. Examples These sections examine these terms more closely and use this topology and examples. Define Inside Local and Inside Global Addresses In this configuration, when the NAT router receives a packet on its inside interface with a source address of 10.10.10.1, the source address is translated to 171.16.68.5. This also means that when the NAT router receives

a packet on its outside interface with a destination address of 171.16.68.5, the destination address is translated to 10.10.10.1. ip nat inside source static 10.10.10.1 171.16.68.5! Inside host is known by the outside host as 171.16.68.5. interface s 0 ip nat inside interface s 1 ip nat outside You can issue the show ip nat translations command in order to verify the NAT translations in the router. In the ideal condition, the output of the show ip nat translations command is as shown here: 171.16.68.5 10.10.10.1 When the packet moves from the inside network to the outside network, the output of the show ip nat translations command is as shown here: icmp 171.16.68.5:15 10.10.10.1:15 171.16.68.1:15 171.16.68.1:15 171.16.68.5 10.10.10.1 Note: In this output of the NAT translations, the protocol entry shows ICMP because Ping is used to validate the entries. The Outside Local and Outside Global entries will have the same IP address of the Outside host, which is 171.16.68.1. The local addresses are addresses that appear on the inside cloud. Global addresses are addresses that appear on the outside cloud. Because of the way NAT is configured, the inside addresses are the only addresses that are translated. Therefore, the inside local address is different from the inside global address. This is what the packets look like when they are on the inside network and on the outside network. Define Outside Local and Outside Global Addresses In this configuration, when the NAT router receives a packet on its outside interface with a source address of 171.16.68.1, the source address is translated to 10.10.10.5. This also means that if the NAT router receives a

packet on its inside interface with a destination address of 10.10.10.5, the destination address is translated to 171.16.68.1. ip nat outside source static 171.16.68.1 10.10.10.5! Outside host is known to the inside host as 10.10.10.5. interface s 0 ip nat inside interface s 1 ip nat outside In the ideal condition, the output of the show ip nat translations command is as shown here: When the packet moves from the outside network to the inside network, the output of the show ip nat translations command is as shown here: icmp 10.10.10.1:37 10.10.10.1:37 10.10.10.5:37 171.16.68.1:37 Note: The Inside Global and Inside Local entries will have the same IP address of the Inside host, which is 10.10.10.1. The local addresses are addresses that appear on the inside cloud. Global addresses are addresses that appear on the outside cloud. In this example, because of the way NAT is configured, only the outside addresses get translated. Therefore, the outside local address is different from the outside global address. This is what the packets look like when they are on the inside network and on the outside network. Define All Local and Global Addresses In the this configuration, when the NAT router receives a packet on its inside interface with a source address of 10.10.10.1, the source address is translated to 171.16.68.5. The interface corresponding to IP address 10.10.10.1 is the Inside Local Address, whereas the interface corresponding to IP address 171.16.68.5 is the Inside Global Address. When the NAT router receives a packet on its outside interface with a source address

of 171.16.68.1, the source address is translated to 10.10.10.5. This also means that when the NAT router receives a packet on its outside interface with a destination address of 171.16.68.5, the destination address is translated to 10.10.10.1. Also, when the NAT router receives a packet on its inside interface with a destination address of 10.10.10.5, the destination address is translated to 171.16.68.1. ip nat inside source static 10.10.10.1 171.16.68.5! Inside host is known to the outside host as 171.16.68.5. ip nat outside source static 171.16.68.1 10.10.10.5! Outside host is known to the inside host as 10.10.10.5. interface s 0 ip nat inside interface s 1 ip nat outside In the ideal condition, the output of the show ip nat translations command is as shown here: 171.16.68.5 10.10.10.1 The local addresses are addresses that appear on the inside cloud, and the global addresses are addresses that appear on the outside cloud. Because of how NAT is configured in this case, both the inside addresses and the outside addresses are translated. Therefore, the inside local addresses are different from the inside global addresses and the outside local addresses are different from the outside global addresses. When the packet transfer is initiated from both the sides, the output of the show ip nat translations command is as shown here: icmp 10.10.10.1:4 10.10.10.1:4 10.10.10.5:4 171.16.68.1:4 icmp 171.16.68.5:39 10.10.10.1:39 171.16.68.1:39 171.16.68.1:39 171.16.68.5 10.10.10.1 This is what the packets look like when they are on the inside network and on the outside network.

In summary, the terms local and global are actually very straight forward when you think of them in terms of where they appear in the network. Local addresses appear on the inside portion of the network while global addresses appear on the outside portion of the network. Related Information Configuring Network Address Translation: Getting Started NAT Support Page IP Routing Support Page Technical Support & Documentation Cisco Systems Contacts & Feedback Help Site Map 2012 2013 Cisco Systems, Inc. All rights reserved. Terms & Conditions Privacy Statement Cookie Policy Trademarks of Cisco Systems, Inc. Updated: Aug 24, 2006 Document ID: 4606

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information