NAT inconsistency in Cisco material
15 years 11 months ago #28773
by SteveP
NAT inconsistency in Cisco material was created by SteveP
I understand the basics of NAT but I've come across an inconsistency in the official material and I'd like to resolve it.
If I'm sitting at a PC in an organisation, the IP address of my PC may be 192.168.123.123 and this is the Inside Local address. The NAT router of the organisation translates this to a registered address, which might be 83.56.23.94 and this is the Inside Global address.
If I access a site, let's say www.firewall.cx, this is converted to an IP address by DNS and sends data from my web browser to, for instance, 74.200.84.4. If there's NAT at the far end (the Outside network), this address will be translated to a private address, say 172.20.4.56 and this is the physical server with which I am communicating, but this address is irrelevant to me.
The inconsistency:
Some of the material refers to 74.200.84.4 as the Outside Global address and 172.20.4.56 as the Outside Local address whilst other material refers to 74.200.84.4 as the Outside Local address and 172.20.4.56 as the Outside Global address. Which is correct?
As a novice, it would be logical if a Local address is that by which a host on a LAN refers to another host on the same LAN whilst a Global address is that by which a host refers to another host on a different LAN under the control of a different organisation. I don't know if this is correct though!
15 years 10 months ago #29012
by SteveP
Replied by SteveP on topic Re: NAT inconsistency in Cisco material
Bump
I suppose that I waffled on a bit - so here it is in a nutshell:
If I'm on the Inside network and send traffic to a host on the Outside network and both networks have NAT routers at the edge of their respective networks, does my traffic to them have:
Inside Local
Inside Global
Outside Global
Outside Local
<OR>
Inside Local
Inside Global
Outside Local
Outside Global
IP addresses as it passes from me to them? Some of the official Cisco material says that the first is correct, whilst some says the latter.
15 years 10 months ago #29020
by S0lo
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
Replied by S0lo on topic Re: NAT inconsistency in Cisco material
For your www.firewall.cx example, 74.200.84.4 is both the Outside local and the Outside global address. Yes, this might sound odd at the beginning but this is what I just got out from the CCNA academy material.
Inside and Outside refer to the physical location of the host/server.
Local means the IP address as it is seen by the inside network. Global means the IP address as it is seen by the outside/INTERNET (but not necessarily inside the outside network).
The private address 172.20.4.56 (of example www.firewall.cx) has no naming!! Unless you look at the www.firewall.cx LAN as your inside LAN.
That's as far as I understand it. A quick look here might help:
www.cisco.com/en/US/tech/tk648/tk361/tec...186a0080094837.shtml
www.cisco.com/en/US/tech/tk648/tk361/tec...186a0080094831.shtml
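The four names as they appear in a single router's translation table, as an added example that is not part of the original thread. The sample is constructed in the column layout of Cisco IOS `show ip nat translations`, using the thread's addresses with made-up port numbers; the function names are hypothetical. With only the inside source translated, Outside local and Outside global carry the same address.

```python
from typing import NamedTuple

# Constructed sample in the column layout of Cisco IOS "show ip nat translations".
# Addresses are the ones used in the thread; the port numbers are made up.
SAMPLE = """\
Pro Inside global      Inside local          Outside local      Outside global
tcp 83.56.23.94:1025   192.168.123.123:1025  74.200.84.4:80     74.200.84.4:80
--- 83.56.23.94        192.168.123.123       ---                ---
"""

class Entry(NamedTuple):
    proto: str
    inside_global: str
    inside_local: str
    outside_local: str
    outside_global: str

def parse_translations(text):
    """Return one Entry per table row; the header (9 words) and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5:
            entries.append(Entry(*fields))
    return entries

def strip_port(addr):
    """Drop a trailing :port if present."""
    return addr.rsplit(":", 1)[0]

def outside_is_translated(e):
    """True only if this router rewrites the outside host's address."""
    return e.outside_local != "---" and e.outside_local != e.outside_global

def headers_for_outbound(e):
    """(source, destination) of an inside-to-outside packet on each side of the router."""
    return {
        "inside_side": (strip_port(e.inside_local), strip_port(e.outside_local)),
        "outside_side": (strip_port(e.inside_global), strip_port(e.outside_global)),
    }

if __name__ == "__main__":
    for e in parse_translations(SAMPLE):
        if e.outside_local == "---":
            continue  # static entry with no active flow
        print(headers_for_outbound(e), "outside NAT:", outside_is_translated(e))
```

The far-end private address 172.20.4.56 never appears in this table, because that translation belongs to the other organisation's router.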
15 years 10 months ago #29025
by SteveP
Replied by SteveP on topic Re: NAT inconsistency in Cisco material
Thanks S0lo - your comment "Nothing is as easy as it looks" is so true ... but very frustrating. I just wonder if things are made so complicated (and illogical) just to trip us all up!
15 years 10 months ago #29027
by S0lo
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
Replied by S0lo on topic Re: NAT inconsistency in Cisco material
Oh, that comment. Sometimes frustrating indeed!! This one might be a little more optimistic:
"Everything should be as simple as possible, but no simpler", Albert Einstein.
15 years 10 months ago #29035
by Smurf
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Replied by Smurf on topic Re: NAT inconsistency in Cisco material
I remember when I did my courses, it confused the hell out of me then and it still does.
The link that S0lo has posted is quite good. From what I understand:
Local - Real/Private (pre natt'd address)
Global - Nat'd/PublicIP (post natt'd address)
Inside - is as the traffic leaves (i.e. source/destination as traffic goes out)
Outside - is as the traffic arrives (i.e. source/destination as traffic is coming in)
But now I have just read it, it's confused me again, argh.....
lol