NAT/PAT functions on LAN int and internet facing

In the Odom book, Chp 16 states,

"
The local LAN segment performs NAT/PAT, changing the source IP address of packets entering the local LAN interface and exiting the Internet-facing interface."

Would it then also be true to say

The Internet facing interface performs NAT/PAT, changing the DESTINATION IP address of packets entering the Internet facing interface and exiting the LAN interface.

?

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

*darklord*

IMO: No
The main reason for using NAT/PAT is to allow private addresses to go on the internet i.e interact with public addresses...
NAT/PAT is done by the device and not by any specific interface...hope this helps

m.ouamer

Hi x5150,

The nat/pat process changes the source IP addresses of IP packets(these ip packets should match a specific acl, or static nat entries) going to the Internet, and changes the destination IP addresses of IP packets coming from the Internet according to the nat/pat translation table.

Hope this help,

Mohamed.
ciscoccnabootcamp.com

Heero

x5150 wrote: »

In the Odom book, Chp 16 states,

"
The local LAN segment performs NAT/PAT, changing the source IP address of packets entering the local LAN interface and exiting the Internet-facing interface."

Would it then also be true to say

The Internet facing interface performs NAT/PAT, changing the DESTINATION IP address of packets entering the Internet facing interface and exiting the LAN interface.

?

The actual change happens when the packet is between interfaces. So for example, it will go through the inbound ACL on the LAN interface with the unchanged packet information. Then the router changes it and sends it to the Internet facing interface. Then, AFTER the change it will go through outbound ACLs on the outbound interface.

Understanding when the NAT translation took place has been important for me in a few situations, generally involving ACLs

burbankmarc

Heero wrote: »

The actual change happens when the packet is between interfaces. So for example, it will go through the inbound ACL on the LAN interface with the unchanged packet information. Then the router changes it and sends it to the Internet facing interface. Then, AFTER the change it will go through outbound ACLs on the outbound interface.

Understanding when the NAT translation took place has been important for me in a few situations, generally involving ACLs

He speaks the truth. Know the order of operation. I had a mess of a policy based routing configuration in place and was having issues. This document is always helpful:

NAT Order of Operation - Cisco Systems

tha_dub

Heero wrote: »

The actual change happens when the packet is between interfaces. So for example, it will go through the inbound ACL on the LAN interface with the unchanged packet information. Then the router changes it and sends it to the Internet facing interface. Then, AFTER the change it will go through outbound ACLs on the outbound interface.

Understanding when the NAT translation took place has been important for me in a few situations, generally involving ACLs

Cool thank you this is great info. For anyone trying to lock down a network this makes one heck of a difference.

jason_lunde

Ya this is a great doc to know inside and out. To make it even more confusing our Juniper SRX box does exactly the opposite....nats and then security policy