Understand more about local and global addresses in NAT

This article allows you to define and understand the following concepts of NAT (Network Address Translation): inside local, inside global, outside local, and outside global.

Definition of terms

Cisco defines the terms used in NAT as follows:

-        Inside local address-The IP address assigned to a host of the internal network.This is the address configured as a parameter of the computer's operating system or automatically assigned via protocols such as DHCP.This address is not valid IP addresses issued by the NIC (Network Information Center) or Internet service provider.

- Inside global address - A valid address issued by a NIC or an intermediary service provider.This address represents one or more inside local IP addresses in communicating with the external network.

-Outside local address - As the IP address of an external network host, the internal network hosts will see the external network host through this address.Outside local is not necessarily a valid address on the IP network (it may be a private address).

Outside global address - The IP address assigned to a host belonging to an external network by the owner of that host.This address is assigned by a valid IP address on the Internet.

The above is the classic definition of Cisco, but it is not easy to understand and sometimes causes us many mistakes.Before going into the examples, we redefine the above terms in a way that is easier to understand.First of all, keep in mind that NAT's concept of 'inside' and 'outside' is the interface configured by the ip command nat inside and ip nat outside.Networks connected to these interfaces will have their respective inside and outside roles respectively.

-       Local address-The address that appears in the 'inside' part of a network.

-Global address-An address that appears on the 'outside' part of a network.

Packets originating from the 'inside' network section will have the source IP address as 'inside local' address and the destination IP is 'ouside local' when it is still in the 'inside' network part.Also, when it is switched to the 'outside' network, the source IP address will be changed to the "inside global address" and the destination IP address of the packet will be 'outside global address'.

Conversely, when a packet originates from an 'outside' network, while it is still on the 'outside' network, its source IP address will be "outside global address", the destination IP address will be "inside global address ".When the same packet is transferred to the 'inside' network, the source address will be "outside local address" and the destination address of the packet will be "inside local address".

Let us look at the example in the following figure:

Understand more about local and global addresses in NAT Picture 1

Illustrative examples

The following sections will delve into the above terms using simple topology as follows

Understand more about local and global addresses in NAT Picture 2

Defining inside local and inside global addresses

In this example in the middle will be configured NAT to translate addresses.When receiving a packet from the internal network going out with the source IP address of 10.10.10.1, this address will be changed to 171.16.68.5 by the router before going out.And vice versa when the router receives a packet with an IP address of 171.16.68.5 from the external network, it will translate into an IP destination address of 10.10.10.1.

ip nat inside source static 10.10.10.1 171.16.68.5

! --- Inside device A được biết đến bên ngoài Cloud là 171.16.68.5.

interface s 0

ip nat inside

interface s 1

ip nat outside

When the internal device communicates with an external device, the addresses are defined as follows:

Inside Global

Inside Local

Outside Local

Outside Global

171.16.68.5

10.10.10.1

171.16.68.1

171.16.68.1

As mentioned above, addresses are addresses that appear in the inside network cloud.Global addresses are addresses that appear on the outside cloud.Since the way NAT is configured in this example to only translate inside addresses, the 'inside local' address is different from the 'inside global' address while the 'outside local' and 'outside global' addresses are exactly the same.

together.

The following figure shows the message when it is on the inside and outside network.

Understand more about local and global addresses in NAT Picture 3

Define outside local and outside global addresses

In the next configuration example, when the NAT router receives a packet on its outside interface with a source address of 171.16.68.1, the address is translated to 10.10.10.5.This also means that if the NAT router receives a packet on its inside interface with a destination address of 10.10.10.5, that destination address will be translated to 171.16.68.1.

ip nat outside source static 171.16.68.1 10.10.10.5

! --- Outside device A được biết đến bên trong Cloud là 10.10.10.5.

interface s 0

ip nat inside

interface s 1

ip nat outside

When the internal device communicates with an external device, the addresses are defined as follows:

Inside Global

Inside Local

Outside Local

Outside Global

10.10.10.1

10.10.10.1

10.10.10.5

171.16.68.1

Addresses are addresses that appear in the inside network cloud.Global addresses are addresses that appear on the outside cloud.Since the way NAT is configured in this example to only translate outside addresses, the 'outside local' address will be different from the 'outside global' address while the 'inside local' and 'inside global' addresses are exactly the same. together.

The following figure shows the message when it is on the inside and outside network.

Understand more about local and global addresses in NAT Picture 4

Define both Local and Global addresses

In this final configuration example, the NAT router is configured to perform address translation as follows: when this router receives a packet at the inside interface with the source address of 10.10.10.1, this address will be Translated into 171.16.68.5.When this NAT router receives a packet on its outside interface with a source address of 171.16.68.1, the address is translated to 10.10.10.5.

This also means that when the NAT router receives a packet on its outside interface with a destination address of 171.16.68.5, the destination address is translated to 10.10.10.1.Also, when the NAT receives a packet on its inside interface with a destination address of 10.10.10.5, the address will be translated to 171.16.68.1.

ip nat inside source static 10.10.10.1 171.16.68.5

! --- Inside device A được biết đến Outside Cloud là 171.16.68.5.

ip nat outside source static 171.16.68.1 10.10.10.5

! --- device A được biết đến bên ngoài Cloud như 10.10.10.5.

interface s 0

ip nat inside

interface s 1

ip nat outside

When the internal device communicates with an external device, the addresses are defined as follows:

Inside Global

Inside Local

Outside Local

Outside Global

171.16.68.5

10.10.10.1

10.10.10.5

171.16.68.1

Again we note that the local address is the address that appears in the inside network and the global address is the address that appears on the outside network.In this special case, because of how to configure NAT, both 'inside' and 'outside' addresses are translated so that the 'inside local' address will be different from the 'inside global' and the address' outside. local 'will also be different from the' outside global 'address

The following figure shows the message when it is on the inside and outside network.

Understand more about local and global addresses in NAT Picture 5

In short, the terms 'local' and 'global' will be much more understandable if we look at their location when appearing in the network.The local address only appears in the 'inside' part of the network while the global address only appears in the 'outside' section of the network.Also depending on how the NAT is configured, global and local addresses on each interface (inside or outside) may be the same or not the same.