Also, just use a structured approach, it's really not that hard.

Here are a couple of analogies that might ease your pain in coming to grips with
Cisco's terms.

Imagine "inside" and "outside" in terms of a building and a chair. A chair can
always be either inside the building or outside the building. It can never
be in both places at once, and it definitely has to be on one of the
sides. The same goes for the physical location of hosts in the IP network.

Now, how are you looking at the chair? You can either be inside the building
and look at the chair locally, or go outside the building and look at the
inside chair from outside with the global perspective. So local and global
define a viewpoint - where you look from.

When you are outside and you are looking at the inside chair, you look at
it through a window with a global perspective - the inside chair's image is
distorted by the window (read: its IP address is translated by the NAT), but
when you are inside the building and looking at the chair locally, its
image is not distorted (read: its IP address is not translated).

The same goes if the chair is outside the building. If you're outside and the
chair is outside, you're looking at it with a global perspective, but if you
go inside the building and look at the chair that is outside the building -
the chair is distorted (translated). So your local view of outside (i.e.
outside local in Cisco's terms) is distorted by the window/NAT.

Inside local, inside global, outside local and outside global are all Cisco
terms that adhere to these concepts.

Everything else is just adding to those concepts. NAT pools are different
window colors, while ACLs define the types of chairs that can be seen... But
I wouldn't go there with analogies.

The main types of translations are therefore "inside source": how do we see the
inside chair from outside the building (inside global), and "outside
source": how do we view the outside chair from inside the building (outside
local).

On Mon, May 18, 2009 at 11:43 AM, Dale Shaw <dale.shaw_at_gmail.com> wrote:
> Hi all,
>
> I really dislike IOS NAT. Reeeaaallly dislike it. I cut my teeth on
> NAT on Linux and BSD and it just seems to make so much more sense to
> me on those systems.
>
> The "inside local", "inside global", "outside local" and "outside
> global" concepts -- why, Cisco? Whhhhhy? And it's just as
> brain-destroying on PIX/ASA, if you ask me.
>
> Anyway, I could whinge and moan about Cisco's implementation all day
> long, but that's not going to help. Essentially, I'd like to become
> much better at identifying and applying solutions to NAT scenarios
> with IOS.
>
> I've been setting up NAT on routers for years, and in the end, I can
> always make it work. For trickier configurations, sure, it takes
> longer, but I get there. As we all know, though, there's no time for
> trial and error in the exam room. I want to be able to look at a NAT
> task and immediately know which interface(s) should be 'inside' and
> which interface(s) should be 'outside', which of the many NAT
> configuration options will get the job done, and what "gotchyas" each
> method comes packaged with (e.g. when static routes are required).
>
> Don't get me wrong, I understand how a packet can be transformed by a
> NAT, it's really just gaining a deeper understanding of Cisco's
> implementation.
>
> So, I guess I'm happy to hear what study material helped you really
> 'get' NAT - DocCD links, other Cisco.com articles, books, workbooks,
> whatever - but I'm more interested in the way you approach NAT tasks
> in terms of logic, strategy and troubleshooting. I personally haven't
> found a resource yet that gives me the background theory I require to
> get the most out of practice labs.
>
> cheers,
> Dale
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
--
Pavel Bykov
----------------
Don't forget to help stopping the braindumps, use of which reduces value of your certifications.
Sign the petition at http://www.stopbraindumps.com/

Blogs and organic groups at http://www.ccie.net

Received on Tue May 19 2009 - 14:26:56 ART
This archive was generated by hypermail 2.2.0 : Mon Jun 01 2009 - 07:04:43 ART
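
The four address terms and the static-route gotcha raised in the thread can be seen in a small model. This is an added example, not part of either post: the addresses, the route tables and the function names are constructed for illustration, and the model covers only static `inside source` and `outside source` entries. It relies on the IOS order of operations, where inside-to-outside traffic is routed before it is translated and outside-to-inside traffic is translated before it is routed.

```python
import ipaddress

# Constructed sample addresses; the equivalent IOS statements would be:
#   ip nat inside source static 10.1.1.10 203.0.113.10
#   ip nat outside source static 198.51.100.20 192.168.99.20
INSIDE_SOURCE = {"10.1.1.10": "203.0.113.10"}        # inside local -> inside global
OUTSIDE_SOURCE = {"198.51.100.20": "192.168.99.20"}  # outside global -> outside local
INSIDE_G2L = {g: l for l, g in INSIDE_SOURCE.items()}
OUTSIDE_L2G = {l: g for g, l in OUTSIDE_SOURCE.items()}

# Routing tables map a prefix to the NAT role of the egress interface.
BASE_ROUTES = {"10.1.1.0/24": "inside", "198.51.100.0/24": "outside"}
FIXED_ROUTES = {**BASE_ROUTES, "192.168.99.20/32": "outside"}  # static route to outside local

def route(routes, dst):
    """Longest-prefix match; returns 'inside', 'outside' or None (no route)."""
    ip = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), role) for p, role in routes.items()]
    hits = [(n.prefixlen, role) for n, role in nets if ip in n]
    return max(hits)[1] if hits else None

def inside_to_outside(src, dst, routes):
    """Inside host sends to the outside LOCAL address of the far host."""
    # Routing happens before translation, so the lookup uses the outside local dst.
    if route(routes, dst) != "outside":
        return None  # packet never crosses the NAT boundary
    return INSIDE_SOURCE.get(src, src), OUTSIDE_L2G.get(dst, dst)

def outside_to_inside(src, dst, routes):
    """Outside host sends to the inside GLOBAL address of the inside host."""
    # Translation happens before routing, so the lookup uses the inside local dst.
    src, dst = OUTSIDE_SOURCE.get(src, src), INSIDE_G2L.get(dst, dst)
    return (src, dst) if route(routes, dst) == "inside" else None

if __name__ == "__main__":
    print(inside_to_outside("10.1.1.10", "192.168.99.20", BASE_ROUTES))   # no route
    print(inside_to_outside("10.1.1.10", "192.168.99.20", FIXED_ROUTES))  # translated
    print(outside_to_inside("198.51.100.20", "203.0.113.10", BASE_ROUTES))
```

With `BASE_ROUTES` the inside host's packet to the outside local address is dropped before NAT sees it; the extra /32 in `FIXED_ROUTES` is the static route that an `outside source` translation needs.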