Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: NAT inconsistency in Cisco material

NAT inconsistency in Cisco material 7 years 10 months ago #28773

  • SteveP
  • SteveP's Avatar
  • Offline
  • Distinguished Member
  • Posts: 161
  • Karma: 0
I understand the basics of NAT but I've come across an inconsistency in the official material and I'd like to resolve it.

If I'm sitting at a PC in an organisation, the IP address of my PC may be 192.168.123.123 and this is the Inside Local address. The NAT router of the organisation translates this to a registered address, which might be 83.56.23.94 and this is the Inside Global address.

If I access a site, let's say www.firewall.cx, this is converted to an IP address by DNS and sends data from my web browser to, for instance, 74.200.84.4. If there's NAT at the far end (the Outside network), this address will be translated to a private address, say 172.20.4.56 and this is the physical server with which I am communicating, but this address is irrelevant to me.

The inconsistency:

Some of the material refers to 74.200.84.4 as the Outside Global address and 172.20.4.56 as the Outside Local address whilst other material refers to 74.200.84.4 as the Outside Local address and 172.20.4.56 as the Outside Global address. Which is correct?

As a novice, it would be logical if a Local address is that by which a host on a LAN refers to another host on the same LAN whilst a Global address is that by which a host refers to another host on a different LAN under the control of a different organisation. I don't know if this is correct though!
The administrator has disabled public write access.

Re: NAT inconsistency in Cisco material 7 years 10 months ago #29012

  • SteveP
  • SteveP's Avatar
  • Offline
  • Distinguished Member
  • Posts: 161
  • Karma: 0
Bump

I suppose that I waffled on a bit - so here it is in a nutshell:

If I'm on the Inside network and send traffic to a host on the Outside network and both networks have NAT routers at the edge of their respective networks, does my traffic to them have:

Inside Local
Inside Global
Outside Global
Outside Local

<OR>

Inside Local
Inside Global
Outside Local
Outside Global

IP addresses as it passes from me to them? Some of the official Cisco material says that the first is correct, whilst some says the latter.
The administrator has disabled public write access.

Re: NAT inconsistency in Cisco material 7 years 10 months ago #29020

  • S0lo
  • S0lo's Avatar
  • Offline
  • Moderator
  • Posts: 1577
  • Thank you received: 7
  • Karma: 3
For your www.firewall.cx example, 74.200.84.4 is both the Outside local and the Outside global address. Yes, this might sound odd at the beginning but this is what I just got out from the CCNA academy material.

Inside and Outside refer to the physical location of the host/server.

Local means the IP address as it is seen by the inside network. Global means the IP address as it is seen by the outside/INTERNET (but not necessarily inside the outside network).

The private address 172.20.4.56 (of example www.firewall.cx) has no naming!!. Unless you look at the www.firewall.cx LAN as your inside LAN.

Thats as far as I understand it. A quick look here might help: www.cisco.com/en/US/tech/tk648/tk361/tec...186a0080094837.shtml

www.cisco.com/en/US/tech/tk648/tk361/tec...186a0080094831.shtml
Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
The administrator has disabled public write access.

Re: NAT inconsistency in Cisco material 7 years 10 months ago #29025

  • SteveP
  • SteveP's Avatar
  • Offline
  • Distinguished Member
  • Posts: 161
  • Karma: 0
Thanks S0lo - your comment "Nothing is as easy as it looks" is so true ... but very frustrating. I just wonder if things are made so complicated (and illogical) just to trip us all up!
The administrator has disabled public write access.

Re: NAT inconsistency in Cisco material 7 years 10 months ago #29027

  • S0lo
  • S0lo's Avatar
  • Offline
  • Moderator
  • Posts: 1577
  • Thank you received: 7
  • Karma: 3
O that comment :). Some times frustrating indeed!!. This one might be a little more optimistic:

"Everything should be as simple as possible, but no simpler", Albert Einstein.
Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
The administrator has disabled public write access.

Re: NAT inconsistency in Cisco material 7 years 10 months ago #29035

  • Smurf
  • Smurf's Avatar
  • Offline
  • Moderator
  • Posts: 1390
  • Karma: 1
I remember when i did my courses, it confussed the hell out of me then and it still does :)

The link that S0lo has posted is quite good, from what i understand is;

Local - Real/Private (pre natt'd address)
Global - Nat'd/PublicIP (post natt'd address)

Inside - is as the traffic leaves (i.e. source/destination as traffic goes out)
Outside - is as the traffic arrives (i.e. source/destination as traffic is coming in)

But now i have just read it its confussed me again, argh.....

lol
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
The administrator has disabled public write access.
Time to create page: 0.083 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup