Confusion regarding NAT terms

First off sorry for all my threads; I think I'm getting close to setting up my test date so am bringing up everything I've not been able to make sense of.

Regarding NAT terms, I understand Inside local (my hosts' private address) and Inside global (the address assigned by my ISP). I know the actual definition isn't that specific but I find it easier to remember when I apply information to something I already know.

I'm having trouble though with the difference between Outside local and Outside global. Both are the destination address; before and after translation, respectively, but I can't grasp how/why/when the destination address would get translated?

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

notgoing2fail

bermovick wrote: »

First off sorry for all my threads; I think I'm getting close to setting up my test date so am bringing up everything I've not been able to make sense of.

Regarding NAT terms, I understand Inside local (my hosts' private address) and Inside global (the address assigned by my ISP). I know the actual definition isn't that specific but I find it easier to remember when I apply information to something I already know.

I'm having trouble though with the difference between Outside local and Outside global. Both are the destination address; before and after translation, respectively, but I can't grasp how/why/when the destination address would get translated?

If I remember correctly, the outside global is your PUBLIC destination address.
The outside local would then be the private side of your destination...

wbosher

bermovick wrote: »

I can't grasp how/why/when the destination address would get translated?

I'm with you there. The destination address would also probably get NATed, so you would never actually see the inside address (outside local) of the remote network. I guess there must be times when you can, or why would they bother putting it in the ouput of the show ip nat translations command?

bermovick

wbosher wrote: »

I'm with you there. The destination address would also probably get NATed, so you would never actually see the inside address (outside local) of the remote network. I guess there must be times when you can, or why would they bother putting it in the ouput of the show ip nat translations command?

Exactly! I can understand what NG2F is saying, and it was the only possibility I can see, but even that doesn't really make sense. We don't really care much about what the hardware way over at the other end of the connection does.

Although perhaps it's referring to the 'return path' where my public IP becomes the Outside global and my private IP the Outside local, and the only difference between Inside and Outside is the direction the data is flowing. That makes a little bit of sense... but just barely.

Selfmade

think of it as a wall

the inside local is on one side of the wall, which has the rest of your network behind the "local" side of the wall, the outside has the "rest of the internet" on the other side.

the job of the inside local is to provide NAT translation to the outside, this is how they conserve so many IP addresses while seperating private networks from the internet.

Think about a company's web server, or a company's internet based file server that is accessible between branches. That's kind of a good explaination for what NAT does and it's purpose.

bermovick

That explains inside local and inside global and, I suppose, outside global, but doesn't explain outside local... Unless there's a second wall waaaay over there.

I suppose when you consider you may administer 2 private network locations separated in space; each with a public IP and some type of WAN connection connecting them it makes a bit more sense since "way out there" is also us/me.

Is this (awesomely done, if I do say so myself) ascii-representation what you've been talking about? (R1 and R2 are performing NAT for the networks behind them, of which only PC1 and PC2 are shown)?

..IL........IG.....................OG........OL
[]

[]

{cloud}

[]

[]
PC1......R1..........................R2.......PC2

[edit] gah. it removed my spacing and ruined my pretty ascii-art. replaced spaces with periods.

notgoing2fail

bermovick wrote: »

That explains inside local and inside global and, I suppose, outside global, but doesn't explain outside local... Unless there's a second wall waaaay over there.

I suppose when you consider you may administer 2 private network locations separated in space; each with a public IP and some type of WAN connection connecting them it makes a bit more sense since "way out there" is also us/me.

Is this (awesomely done, if I do say so myself) ascii-representation what you've been talking about? (R1 and R2 are performing NAT for the networks behind them, of which only PC1 and PC2 are shown)?

..IL........IG.....................OG........OL
[]
[]
{cloud}
[]
[]
PC1......R1..........................R2.......PC2

[edit] gah. it removed my spacing and ruined my pretty ascii-art. replaced spaces with periods.

That ASCII is correct. Also, the Outside Global/Local aren't used as often. I think Wendell Odom even mentioned that. There are some unique situations that you can run into where the OG/OL come in handy.....If I had a better memory, I would remember what those scenarios were...

Selfmade

notgoing2fail wrote: »

That ASCII is correct. Also, the Outside Global/Local aren't used as often. I think Wendell Odom even mentioned that. There are some unique situations that you can run into where the OG/OL come in handy.....If I had a better memory, I would remember what those scenarios were...

basically what he said, you kinda took my analogy a little offbase in what you were saying when you were thinking of 2 walls on one network lol.

What I meant with my analogy is how there's a seperation between your network and the point to where NAT is done as far as explaining the local/global thing inside the network.

Forsaken_GA

Stretch over at packetlife.net made a very good post explaining this:

Understanding NAT address types - Packet Life

alan2308

Forsaken_GA wrote: »

Stretch over at packetlife.net made a very good post explaining this:

Understanding NAT address types - Packet Life

He's also got a nice **** sheet on NAT as well. I couldn't tell you how much time I've spent reading his posts.

http://packetlife.net/media/library/32/NAT.pdf