RE: Restated question: NAT and ip routing sequence order

From: HP-France,ex2 ("SANCHEZ-MONGE,ANTONIO)
Date: Fri Apr 09 2004 - 16:05:20 GMT-3


Hello David,

I think we need to think symmetrically. Let us suppose the translations ARE
in place (static translations).

In my example, there are both "ip nat inside source" and "ip nat destination
source" STATIC translations (one to one local to global).

When a packet is received from NAT inside:
1A: If the destination interface is in the ip NAT outside translation rule,
the destination address will be translated.
1B: If the destination interface is NOT in the ip NAT outside translation
rule, the destination address will NOT be translated.
2: Routing process will decide where to send the packet. In case 1A, if the
NAT rule is well configured the output interface decided by the routing
process should be outside.
3A: If the destination interface is outside, and the source is in the ip NAT
inside translation rule, the source address will be translated.
3B: If the destination interface is outside, and the source is NOT in the ip
NAT inside translation rule, the source address will NOT be translated
3C: If the destination interface is NOT outside, then no further translation
takes place. This should be the case only if 1B (not 1A).

And now, the symmetrical statement:

When a packet is received from NAT outside:
1A: If the destination interface is in the ip NAT inside translation rule,
the destination address will be translated.
1B: If the destination interface is NOT in the ip NAT inside translation
rule, the destination address will NOT be translated.
2: Routing process will decide where to send the packet. In case 1A, if the
NAT rule is well configured the output interface decided by the routing
process should be inside.
3A: If the destination interface is inside, and the source is in the ip NAT
outside translation rule, the source address will be translated.
3B: If the destination interface is inside, and the source is NOT in the ip
NAT outside translation rule, the source address will NOT be translated
3C: If the destination interface is NOT inside, then no further translation
takes place. This should be the case only if 1B (not 1A).

If instead of static translations you have NAT pools, interface overload,
etc... then the creation of the rules may affect the operations (the flow
above concerns already created translation entries).

This is the way I see it (did not test it extensively). My point is that
outside and inside is an arbitrary concept and that the router does not
distinguish between them.

Cheers,
Ato.

-----Original Message-----
From: David Hurtado [mailto:dei2viccie@hotmail.com]
Sent: Friday, 09 April 2004 17:13
To: Guy.Lupi@eurekanetworks.net; ccielab@groupstudy.com
Subject: Restated question: NAT and ip routing sequence order

Maybe I didn't state my question clearly. Sorry.

Suppose you implement NAT in a router. You establish a NAT inside interface
and a NAT outside interface. The link that I mentioned before says that a
packet that goes from inside interface to outside interface will be:

1: Routed by the routing process.
2: Translated by NAT

And that a packet that goes from outside interface to inside interface will
be:

1: Translated by NAT
2: Routed by the routing process.

What I wanted to know is if:

-the rule applies only to routers configured with "ip nat inside" statement

OR

-the rule applies to whatever router that implements NAT (doesn't matter
that it is configured with "ip nat inside" or "ip nat outside" statement)

I think this topic is interesting because suppose you have a router with 3
interfaces:

NO NAT ----E0/1 (ROUTER) E0/2 ------- NAT INSIDE
                             E0/3
                               |
                               |
                        NAT OUTSIDE

You implement "ip nat inside source" translation and "ip nat outside source"
translation:

If you send a packet from NAT inside:
1: Routing process will decide where to send the packet
2: A.- If the destination interface is NAT outside, the address will be
translated
2: B.- If the destination interface is NO NAT interface, the address will NOT
be translated

If you send a packet from NAT outside:
1: NAT will translate the packet (doesn't matter which will be the output
interface)
2: Routing process will decide where to send the packet

So a packet coming into the router from the outside interface will ALWAYS be
translated!!!!

This is what I deduce from the statement in:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094430.shtml

Probably I'm wrong, but I hope that somebody could explain which is the
sequence of actions in function of the NAT configuration

Sorry again for the above email.

Thanks

>From: "Lupi, Guy" <Guy.Lupi@eurekanetworks.net>
>Reply-To: "Lupi, Guy" <Guy.Lupi@eurekanetworks.net>
>To: "'David Hurtado'" <dei2viccie@hotmail.com>, ccielab@groupstudy.com
>Subject: RE: NAT and ip routing sequence order
>Date: Fri, 9 Apr 2004 09:57:42 -0400
>
>The only way for NAT to function is to have at least one inside and one
>outside interface, so if you have NAT running on a router you will
>always have an interface with the "ip nat inside" statement on it.
>
>This doesn't apply at all if there is no NAT on the router, or perhaps
>I am not understanding your question?
>
>-----Original Message-----
>From: David Hurtado [mailto:dei2viccie@hotmail.com]
>Sent: Friday, April 09, 2004 8:51 AM
>To: ccielab@groupstudy.com
>Subject: NAT and ip routing sequence order
>
>
>Hello everybody,
>
>Reviewing the following link:
>
>http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094430.shtml
>
>I have read this statement:
>
>Note: When a packet is going from inside to outside, it is routed and
>then translated (NAT). In the opposite direction (outside to inside),
>NAT takes place first.
>
>Is it always valid or is only applicable to "ip nat inside"?
>
>Thanks for the help
>
>_______________________________________________________________________
>Please help support GroupStudy by purchasing your study materials from:
>http://shop.groupstudy.com
>
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
>



This archive was generated by hypermail 2.1.4 : Mon May 03 2004 - 19:48:44 GMT-3
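
A small Python model of the sequence in the Cisco note quoted in this thread (inside to outside: route, then NAT; outside to inside: NAT, then route), limited to static entries on the three-interface layout from the question. It is an added example, not part of the original messages and not Cisco's implementation; the addresses, routes, table names and the `forward` function are constructed for illustration.

```python
import ipaddress

# Constructed topology following the three-interface sketch in the thread.
NAT_ROLE = {"E0/1": None, "E0/2": "inside", "E0/3": "outside"}
ROUTES = [("10.1.0.0/16", "E0/1"), ("10.2.0.0/16", "E0/2"), ("0.0.0.0/0", "E0/3")]
# Constructed static entries (assumed, one-to-one):
INSIDE_SRC = {"10.2.0.5": "198.51.100.5"}   # "ip nat inside source static": local -> global
OUTSIDE_SRC = {"203.0.113.9": "10.9.0.9"}   # "ip nat outside source static": global -> local


def route(dst):
    """Longest-prefix match over ROUTES; returns the egress interface."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(prefix), ifname) for prefix, ifname in ROUTES]
    matches = [n for n in nets if addr in n[0]]
    return max(matches, key=lambda n: n[0].prefixlen)[1]


def reverse(table):
    """Invert a one-to-one static table."""
    return {v: k for k, v in table.items()}


def forward(in_if, src, dst):
    """Return (egress interface, source, destination) after NAT and routing."""
    role = NAT_ROLE[in_if]
    if role == "outside":
        # Outside to inside: NAT first (global -> local), then routing.
        # An address with no matching entry is left untouched.
        src = OUTSIDE_SRC.get(src, src)
        dst = reverse(INSIDE_SRC).get(dst, dst)
        return route(dst), src, dst
    # Any other ingress: routing first.
    out_if = route(dst)
    if role == "inside" and NAT_ROLE[out_if] == "outside":
        # Inside to outside: NAT after routing (local -> global).
        src = INSIDE_SRC.get(src, src)
        dst = reverse(OUTSIDE_SRC).get(dst, dst)
    return out_if, src, dst
```

In this model the outside local address 10.9.0.9 reaches E0/3 only because the default route points there, which is why the routing table has to cover outside local addresses when routing runs before NAT.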