Nat Question?

UsualSuspect7UsualSuspect7 MemberPosts: 76Member ■■■□□□□□□□
Hey, Everyone!

I have a question pertaining to NAT can someone explain the differences between: Inside Global, Inside Local, Outside Local, and Outside Global.

I understand the Inside part.... well I think:

Inside Local would be the local IP assigned to the host. Then when the packet hit's the Nat router it's translated to the Inside Global to communicate on the internet with a public IP.


My question is what in the world is Outside Global, and Outside Local?

Is this the return traffic from the remote destination? or is it that the inside local get's translated at the incoming port on the router interface then becomes the inside global if it's on the company intranet, but when it leaves it becomes outside global?
CISSP, CCENT, CCNA R/S, CCNA Cyber OPs, Security+, CySA+, CSAP+


Comments

  • networker050184networker050184 Posts: 11,962Mod Mod
    The example I like to use for these is a load balancer doing SNAT (Source NAT) for a website.

    An HTTP request comes in from the internet with source IP 1.1.1.1 (outside global) and hits your LB destined to 2.2.2.2 (inside global) which is the VIP for your site.

    LB translates the source to itself 3.3.3.3 (outside local) so that all return traffic goes to the LB and translates the destination to 4.4.4.4 (inside local) to send to one of the real servers.
    An expert is a man who has made all the mistakes which can be made.
  • TechGromitTechGromit A+, N+, GSEC, GCIH, GREM, Ontario, NY Posts: 1,905Member ■■■■■■■■□□
    My question is what in the world is Outside Global, and Outside Local?

    Outside Global is the address of the internet IP address your connecting to, think CNN. Outside Local is the Private address of the server inside CNN's organization your connecting to. Usually you do not know this address unless they give it to you on an exam.

    translates the destination to 4.4.4.4 (inside local) to send to one of the real servers.

    Usually inside local (or outside local) is a private IP address, it would be very unusual for a company to use an internet route-able address in there local network, but if that's what the exam says, that's what it is.
    inside global if it's on the company intranet

    Inside Global would be the company portal to the internet, what the internal LAN private Address get converted to, to communicate with internet sites/IP addresses. Or if the company runs it's own web server, it would be what the internet DNS resolves to, to point to there site's Internet IP address (such as CNN).
    Still searching for the corner in a round room.
  • UsualSuspect7UsualSuspect7 Member Posts: 76Member ■■■□□□□□□□
    thank you,
    CISSP, CCENT, CCNA R/S, CCNA Cyber OPs, Security+, CySA+, CSAP+


Sign In or Register to comment.