What is the difference between inside and outside NAT?

When shall I use outside NAT or inside NAT?
paintco Asked:

that1guy15 Commented:
Inside NAT is translating incoming traffic to your public IP address to an inside private address.

For example, your public address is 65.x.x.x. All traffic for your network is pointed to that address. You would use inside NAT to point specific traffic to different resources such as your email server (10.0.0.x), your web server (10.0.0.y), etc.

Outside NAT is translating all your internal (private addresses) traffic to a public IP address or group of addresses. This allows all your LAN devices to not require a public address to access the web.

You can either overload an IP address by having multiple devices using the same IP address or you can set up a group of public IP addresses that your private IPs can use.

0
paintco Author Commented:
So if I have two sites (Site-A, Site-B):
Routing between the two LANs of the two sites is OK; both LANs are reachable from each other.

There are two servers in each site:
Site-A  server-1  10.1.1.100/24
Site-A  server-2  10.1.1.101/24
Site-B  server-1  20.1.1.100/24
Site-B  server-2  20.1.1.101/24

I want to NAT the traffic between the two sites as follows:
Site-A All clients  NAT to --> 172.16.1.50
Site-B All clients NAT to --> 172.16.2.50
Site-A server-1 10.1.1.100 --> NAT to 172.16.1.100
Site-A server-2 10.1.1.101 --> NAT to 172.16.1.101
Site-B server-1 20.1.1.100 --> NAT to 172.16.2.100
Site-B server-2 120.1.1.101 --> NAT to 172.16.2.101

All workstations and servers should be reachable from each other.
Site-A configuration is:
RTR-A# sh run
!
int fas 0/1 
ip add 17.0.10.1 255.255.255.0
!
int se 0/1 
ip add 172.16.1.1 255.255.255.252
!
Core-A# sh run
!
int Gig 0/1 
ip add 17.0.10.50 255.255.255.0
!
int vlan 1 
ip add 10.1.1.1 255.255.255.0
!
##################################################
Site-B configuration is 
RTR-B# sh run
!
int fas 0/1 
ip add 17.0.20.1 255.255.255.0
!
int se 0/1 
ip add 172.16.2.1 255.255.255.252
!
Core-B# sh run
!
int Gig 0/1 
ip add 17.0.20.50 255.255.255.0
!
int vlan 1 
ip add 20.1.1.1 255.255.255.0
!

0
that1guy15 Commented:
Could you please explain your network layout more. What routers connect to each other?
0
paintco Author Commented:
RTR-A is connected to RTR-B through PSTN using BGP routing.
Site-A LAN is connected to Core-A and Core-A is connected to RTR-A.
Site-B LAN is connected to Core-B and Core-B is connected to RTR-B.
0
that1guy15 Commented:
What interfaces are connecting to what? Specifically on the RTR routers. Also, is there NAT being applied anywhere else in this setup?
0
paintco Author Commented:
RTR-A Fa0/1 going to Core-A
RTR-A Se 0/1 going to MPLS cloud
RTR-B Fa0/1 going to Core-B
RTR-B Se 0/1 going to MPLS cloud

No NAT is applied anywhere.
I only want to apply NAT on all traffic going and coming for each LAN router interface.
0
that1guy15 Commented:
Here is the config you will add to both routers. Let me know if you have any questions.
site-A (Configure on RTR-A)
 
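! Exclude the two servers from PAT (they get static entries); PAT the rest of the LAN
access-list 10 deny host 10.1.1.100
access-list 10 deny host 10.1.1.101
access-list 10 permit 10.1.1.0 0.0.0.255
 
! IOS requires netmask or prefix-length on a pool; the /24 mask here is an assumption
ip nat pool Site-A 172.16.1.50 172.16.1.50 netmask 255.255.255.0
! The pool name must match its definition exactly, including case
ip nat inside source list 10 pool Site-A overload
! One-to-one static entries (no "ip" keyword after "static")
ip nat inside source static 10.1.1.100 172.16.1.100
ip nat inside source static 10.1.1.101 172.16.1.101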
 
 
int fa0/1
ip nat inside
 
int se0/1
ip nat outside
 
 
site-B (Configure on RTR-B)
 
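! Exclude the two servers from PAT (they get static entries); PAT the rest of the LAN
access-list 11 deny host 20.1.1.100
access-list 11 deny host 20.1.1.101
access-list 11 permit 20.1.1.0 0.0.0.255
 
! IOS requires netmask or prefix-length on a pool; the /24 mask here is an assumption
ip nat pool Site-B 172.16.2.50 172.16.2.50 netmask 255.255.255.0
! The pool name must match its definition exactly, including case
ip nat inside source list 11 pool Site-B overload
! One-to-one static entries (no "ip" keyword after "static")
ip nat inside source static 20.1.1.100 172.16.2.100
ip nat inside source static 20.1.1.101 172.16.2.101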
 
 
int fa0/1
ip nat inside
 
int se0/1
ip nat outside

0
paintco Author Commented:
Thanks

What will be the situation if I want to implement NAT on the core switches as follows:

Site-A All clients  NAT to --> 17.0.10.50
Site-B All clients NAT to --> 17.10.20.50
Site-A server-1 10.1.1.100 --> NAT to 170.10.100
Site-A server-2 10.1.1.101 --> NAT to 17.0.10.101
Site-B server-1 20.1.1.100 --> NAT to 17.0.20.100
Site-B server-2 120.1.1.101 --> NAT to 17.0.20.101
0
paintco Author Commented:
If the core platform is 6550, will it fit? And if there are around 50 servers that need to be NATed one-to-one, will it be a headache?
0
that1guy15 Commented:
"What will be the situation if I want to implement NAT on Core switches as followed"

That should not be a problem; just move the NAT config I provided to the core switches and adjust the statements with the appropriate IP addresses.

"if core platform is 6550 does it will fit and if there are around 50 server need to be nat one to one does it will be headache "

Yeah, it can be time-consuming and a headache to get set up for all 50, but your 6550 should be able to handle it. This is not that uncommon.
0
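
For the 50-server case discussed above, an added example (not part of the thread and not the posters' code): a Python generator that emits the same ACL / pool / static pattern for any number of servers and rejects mappings that collide with each other or with the PAT address. The 50-server address range, the function names and the pool netmask are assumptions.

```python
import ipaddress

def build_nat_config(lan, pat_ip, servers, acl=10, pool="Site-A",
                     pool_mask="255.255.255.0"):  # pool mask is an assumption
    """Emit the thread's ACL / pool / static pattern for any number of servers.

    servers maps each server's real (inside local) address to the address
    the other site should see (inside global).
    """
    lan = ipaddress.ip_network(lan)
    pat = ipaddress.ip_address(pat_ip)
    used = {pat: "the PAT pool"}            # translated addresses taken so far
    pairs = []
    for local, translated in servers.items():
        loc = ipaddress.ip_address(local)
        glob = ipaddress.ip_address(translated)
        if loc not in lan:
            raise ValueError(f"{loc} is not in the inside LAN {lan}")
        if glob in used:
            raise ValueError(f"{glob} is already used by {used[glob]}")
        used[glob] = str(loc)
        pairs.append((loc, glob))
    pairs.sort()
    # Servers are denied in the PAT ACL so only their static entry applies.
    lines = [f"access-list {acl} deny host {loc}" for loc, _ in pairs]
    lines.append(f"access-list {acl} permit {lan.network_address} {lan.hostmask}")
    lines.append(f"ip nat pool {pool} {pat} {pat} netmask {pool_mask}")
    lines.append(f"ip nat inside source list {acl} pool {pool} overload")
    lines += [f"ip nat inside source static {loc} {glob}" for loc, glob in pairs]
    return lines

def site_a_fifty_servers():
    """Constructed sample: 50 Site-A servers, 10.1.1.100-149 -> 172.16.1.100-149."""
    servers = {f"10.1.1.{n}": f"172.16.1.{n}" for n in range(100, 150)}
    return build_nat_config("10.1.1.0/24", "172.16.1.50", servers)

if __name__ == "__main__":
    print("\n".join(site_a_fifty_servers()))
```

Each static line makes that server reachable from the far site on its translated address, so the generated list doubles as the exposure list to review before it is pasted into a router.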
paintco Author Commented:
Thanks a lot
0
that1guy15 Commented:
No problem
0