NAT/PAT functions on LAN int and internet facing

x5150 Member Posts: 42
In the Odom book, Chp 16 states,

"The local LAN segment performs NAT/PAT, changing the source IP address of packets entering the local LAN interface and exiting the Internet-facing interface."

Would it then also be true to say

The Internet facing interface performs NAT/PAT, changing the DESTINATION IP address of packets entering the Internet facing interface and exiting the LAN interface.

?

Comments

  • darklord Registered Users Posts: 1
    IMO: No
    The main reason for using NAT/PAT is to allow private addresses to go on the internet, i.e. interact with public addresses...
    NAT/PAT is done by the device and not by any specific interface...hope this helps
  • m.ouamer Registered Users Posts: 5
    Hi x5150,

    The NAT/PAT process changes the source IP addresses of IP packets (these IP packets should match a specific ACL, or static NAT entries) going to the Internet, and changes the destination IP addresses of IP packets coming from the Internet according to the NAT/PAT translation table.

    Hope this helps,


    Mohamed.
    ciscoccnabootcamp.com

  • Heero Member Posts: 486
    x5150 wrote: »
    In the Odom book, Chp 16 states,

    "The local LAN segment performs NAT/PAT, changing the source IP address of packets entering the local LAN interface and exiting the Internet-facing interface."

    Would it then also be true to say

    The Internet facing interface performs NAT/PAT, changing the DESTINATION IP address of packets entering the Internet facing interface and exiting the LAN interface.

    ?
    The actual change happens when the packet is between interfaces. So for example, it will go through the inbound ACL on the LAN interface with the unchanged packet information. Then the router changes it and sends it to the Internet facing interface. Then, AFTER the change it will go through outbound ACLs on the outbound interface.

    Understanding when the NAT translation took place has been important for me in a few situations, generally involving ACLs
  • burbankmarc Member Posts: 460
    Heero wrote: »
    The actual change happens when the packet is between interfaces. So for example, it will go through the inbound ACL on the LAN interface with the unchanged packet information. Then the router changes it and sends it to the Internet facing interface. Then, AFTER the change it will go through outbound ACLs on the outbound interface.

    Understanding when the NAT translation took place has been important for me in a few situations, generally involving ACLs


    He speaks the truth. Know the order of operation. I had a mess of a policy based routing configuration in place and was having issues. This document is always helpful:

    NAT Order of Operation - Cisco Systems
  • tha_dub Member Posts: 262
    Heero wrote: »
    The actual change happens when the packet is between interfaces. So for example, it will go through the inbound ACL on the LAN interface with the unchanged packet information. Then the router changes it and sends it to the Internet facing interface. Then, AFTER the change it will go through outbound ACLs on the outbound interface.

    Understanding when the NAT translation took place has been important for me in a few situations, generally involving ACLs

    Cool thank you this is great info. For anyone trying to lock down a network this makes one heck of a difference.
  • jason_lunde Member Posts: 567
    Ya this is a great doc to know inside and out. To make it even more confusing our Juniper SRX box does exactly the opposite... NATs and then security policy
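
Added example (not part of any post in this thread): a simplified Python model of the inside-to-outside order Heero describes (inbound ACL on the LAN interface, then translation, then outbound ACL on the Internet-facing interface), plus the destination rewrite on return traffic that m.ouamer describes. The addresses, the ACL contents and the `PatRouter` class are constructed for illustration, and ACLs are reduced to lists of permitted source networks.

```python
from ipaddress import ip_address, ip_network

PUBLIC_IP = "203.0.113.2"  # constructed address on the Internet-facing interface

def permits(acl, src):
    """ACL modelled as a list of permitted source networks, implicit deny."""
    return any(ip_address(src) in ip_network(net) for net in acl)

class PatRouter:
    """Hypothetical model, not Cisco code: ACL in -> translate -> ACL out."""

    def __init__(self, lan_in_acl, wan_out_acl):
        self.lan_in_acl, self.wan_out_acl = lan_in_acl, wan_out_acl
        self.table = {}        # public port -> (inside IP, inside port)
        self.next_port = 1024

    def outbound(self, src, sport, dst, dport):
        # 1. Inbound ACL on the LAN interface sees the untranslated source.
        if not permits(self.lan_in_acl, src):
            return ("drop", "LAN inbound ACL")
        # 2. Translation happens between the interfaces.
        pub_port, self.next_port = self.next_port, self.next_port + 1
        self.table[pub_port] = (src, sport)
        # 3. Outbound ACL on the Internet-facing interface sees the new source.
        if not permits(self.wan_out_acl, PUBLIC_IP):
            return ("drop", "WAN outbound ACL")
        return ("forward", (PUBLIC_IP, pub_port, dst, dport))

    def inbound(self, src, sport, dst, dport):
        # Return traffic: destination is rewritten from the translation table.
        entry = self.table.get(dport) if dst == PUBLIC_IP else None
        if entry is None:
            return ("drop", "no translation entry")
        return ("forward", (src, sport, entry[0], entry[1]))

def demo():
    lan = ["192.168.1.0/24"]                   # constructed inside LAN
    good = PatRouter(lan, ["203.0.113.2/32"])  # outbound ACL matches post-NAT source
    bad = PatRouter(lan, ["192.168.1.0/24"])   # outbound ACL written with pre-NAT source
    pkt = ("192.168.1.10", 51000, "198.51.100.7", 443)
    sent = good.outbound(*pkt)
    reply = good.inbound("198.51.100.7", 443, *sent[1][:2])
    return sent, reply, bad.outbound(*pkt)

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The `bad` router shows the failure mode: an outbound ACL on the Internet-facing interface written with the private range drops every translated packet, because by that point the source is already the public address.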