NAT: Outside Local address different from Outside global address example please

Like the title says, can anybody give me a example of a situation of wear that can occur, and why who'd you need that function

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

networker050184

One example would be using SNAT (Source NAT). This will change the global source address to something different on the inside of the network. I have seen this mostly used in load balancing scenarios.

Titinho

thanks for the quick answer, now I get it why you who'd need it, before I was only thinking of NAT as a way to access the internet and because of that I could not wrap my head around it

Roguetadhg

NAT can be used for more than just that. Other than Networker's example: Like merging two companies together, you might need NAT to have both networks to talk to each other while moving things under one address.

It's just like ACLs. Used for a lot of things, not just the Packet Filtering. The more I read, the more I realize what I don't know. Heck, I hear CCIEs saying this, and they a lot! :P Technology is a love-hate relationship. It's awesome because it changes, but it also sucks because it changes.

Nah. doesn't suck. Just awesome!

xXErebuS

I would say It is more commonly seen with "Destination" NAT vs Source NAT more often. For example when you merge two companies that are both using the 10.0.0.0/16 Private network; you can use 192.168.1.0/24 as your Source nating; so your local inside is 192.168.1.0 and your global inside is your public space (say 41.254.0.0/16). Now if you use Bidirectional NAT then you would use say 192.168.2.0/24 for the other companies spaces. So when you need to reach servers on the other company (say 10.5.20.34) 192.168.2.34 would be your outside local and 10.5.20.34 would be your outside global translation (assuming your using VPN). The outside Global could also be a public IP address for the other company.

Essentially it happens when you define an outside address differently internally. I.E. I want google's servers to appear as 192.168.1.0/24. As networker stated it can be a load balancing technique; i.e. you want 41.41.43.25-30 to appear as 41.41.43.25 ONLY. I'd say this isn't common and hopefully the destination company does there own load balancing (and for your sake its not DNS round robin style). I'm sure networker has another example but one issue with this is that you have to manage the DNS for that space which can be a PITA in large environments.

Hopefully I'm not beating a dead horse =D

networker050184

With load balancing its usually to get traffic back to the LB when it's not inline. This helps with routing as you can point your public VIP to the outside of the LB and then all traffic to your servers appear to be from the LB and are routed right back.

xXErebuS

networker050184 wrote: »

With load balancing its usually to get traffic back to the LB when it's not inline. This helps with routing as you can point your public VIP to the outside of the LB and then all traffic to your servers appear to be from the LB and are routed right back.

Told you! Makes perfect sense (and good example).