Nat Question?

Hey, Everyone!

I have a question pertaining to NAT can someone explain the differences between: Inside Global, Inside Local, Outside Local, and Outside Global.

I understand the Inside part.... well I think:

Inside Local would be the local IP assigned to the host. Then when the packet hit's the Nat router it's translated to the Inside Global to communicate on the internet with a public IP.

My question is what in the world is Outside Global, and Outside Local?

Is this the return traffic from the remote destination? or is it that the inside local get's translated at the incoming port on the router interface then becomes the inside global if it's on the company intranet, but when it leaves it becomes outside global?

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

networker050184

The example I like to use for these is a load balancer doing SNAT (Source NAT) for a website.

An HTTP request comes in from the internet with source IP 1.1.1.1 (outside global) and hits your LB destined to 2.2.2.2 (inside global) which is the VIP for your site.

LB translates the source to itself 3.3.3.3 (outside local) so that all return traffic goes to the LB and translates the destination to 4.4.4.4 (inside local) to send to one of the real servers.

TechGromit

UsualSuspect7 wrote: »

My question is what in the world is Outside Global, and Outside Local?

Outside Global is the address of the internet IP address your connecting to, think CNN. Outside Local is the Private address of the server inside CNN's organization your connecting to. Usually you do not know this address unless they give it to you on an exam.

networker050184 wrote: »

translates the destination to 4.4.4.4 (inside local) to send to one of the real servers.

Usually inside local (or outside local) is a private IP address, it would be very unusual for a company to use an internet route-able address in there local network, but if that's what the exam says, that's what it is.

UsualSuspect7 wrote: »

inside global if it's on the company intranet

Inside Global would be the company portal to the internet, what the internal LAN private Address get converted to, to communicate with internet sites/IP addresses. Or if the company runs it's own web server, it would be what the internet DNS resolves to, to point to there site's Internet IP address (such as CNN).

UsualSuspect7

thank you,