NAT Question

Ok I seem to have some confusion over the terms that they explain with NAT. I understand how NAT works and use it at home for port mapping and redirection and such. The book says:

Inside / Local -> essentially your local LAN address
Inside / Global -> your public IP address
Outside / Global -> any standard internet IP address
Outside / Local -> I have no clue

Seems the last part is whats throwing me off. Any advice?

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

APA

Outside - Local = Any address you wish your inside clients to use which you will then map to the Outside -Global address (the real live IP)

Think of a situation where you want to hide a DMZ server address or an external server address from your internal clients... Hence you control this via your outside nat's

Thus - inside clients will only utilize the Outside-Local addres, they should never use the real address as identified by the Outside-Global address.

Another situation would be where a clash of IP addressing happens and you need to translate the real outside address (Outside-Global) to something your inside hosts can use to bypass IP addressing\routing conflicts...(Outside-Local).

Hope this helps

NightShade03

Now why couldn't the book just explain it that way

The example definitely makes things most clear. Thank you for the example.

mattrgee

I always thought of it as:

Inside / Local -> my lan address
Inside / Global -> my public addres
Outside / Global -> their public address
Outside / Local -> their lan address

networker050184

The easiest way to learn IMO is to set it up and do a "sho ip nat trans"

1811_TEST_ROUTER#ping 4.4.4.4 source 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1 
.....
Success rate is 0 percent (0/5)
1811_TEST_ROUTER#sho ip nat trans
Pro Inside global      Inside local       Outside local      Outside global
icmp 10.5.5.5:36    10.1.1.1:36        4.4.4.4:36         4.4.4.4:36
1811_TEST_ROUTER#

blackninja

networker050184 wrote: »

The easiest way to learn IMO is to set it up and do a "sho ip nat trans"

1811_TEST_ROUTER#ping 4.4.4.4 source 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1 
.....
Success rate is 0 percent (0/5)
1811_TEST_ROUTER#sho ip nat trans
Pro Inside global      Inside local       Outside local      Outside global
icmp 10.5.5.5:36    10.1.1.1:36        4.4.4.4:36         4.4.4.4:36
1811_TEST_ROUTER#

The exact way I came to understand it