Understand more about local and global addresses in NAT

This article defines and explains the following NAT (Network Address Translation) terms: inside local, inside global, outside local, and outside global.

Definition of terms

Cisco defines the terms used in NAT as follows:

 

- Inside local address - The IP address assigned to a host of the internal network. This is the address configured as a parameter of the computer's operating system or automatically assigned via protocols such as DHCP. This address is not a valid IP address issued by the NIC (Network Information Center) or Internet service provider.

- Inside global address - A valid address issued by a NIC or an intermediary service provider. This address represents one or more inside local IP addresses in communicating with the external network.

- Outside local address - The IP address of an external network host as the internal network hosts see it. Outside local is not necessarily a valid address on the IP network (it may be a private address).

- Outside global address - The IP address assigned to a host belonging to an external network by the owner of that host. This address is allocated from valid IP address space on the Internet.

The above is Cisco's classic definition, but it is not easy to understand and often leads to mistakes. Before going into the examples, we redefine the above terms in a way that is easier to understand. First of all, keep in mind that in NAT, 'inside' and 'outside' refer to the interfaces configured with the ip nat inside and ip nat outside commands. Networks connected to these interfaces take the inside and outside roles respectively.

 

- Local address - An address that appears in the 'inside' part of a network.

- Global address - An address that appears in the 'outside' part of a network.

 

A packet originating from the 'inside' network has the 'inside local' address as its source IP address and the 'outside local' address as its destination IP address while it is still in the 'inside' part of the network. When it is forwarded to the 'outside' network, the source IP address is changed to the 'inside global' address and the destination IP address becomes the 'outside global' address.

Conversely, when a packet originates from the 'outside' network, while it is still on the 'outside' network its source IP address is the 'outside global' address and its destination IP address is the 'inside global' address. When the same packet is forwarded to the 'inside' network, its source address becomes the 'outside local' address and its destination address becomes the 'inside local' address.

 

Let us look at the example in the following figure:

Understand more about local and global addresses in NAT Picture 1

 

Illustrative examples

The following sections examine the above terms in more detail using the simple topology below:

Understand more about local and global addresses in NAT Picture 2

 

Defining inside local and inside global addresses

In this example, the router in the middle is configured with NAT to translate addresses. When it receives a packet from the internal network with the source IP address 10.10.10.1, the router changes this address to 171.16.68.5 before sending the packet out. Conversely, when the router receives a packet from the external network with the destination IP address 171.16.68.5, it translates the destination address to 10.10.10.1.

 

 

ip nat inside source static 10.10.10.1 171.16.68.5
! --- Inside device A is known on the outside cloud as 171.16.68.5.

interface s 0
 ip nat inside

interface s 1
 ip nat outside

 

When the internal device communicates with an external device, the addresses are defined as follows:

 

Inside Global    Inside Local    Outside Local    Outside Global
171.16.68.5      10.10.10.1      171.16.68.1      171.16.68.1

 

 

As mentioned above, local addresses are addresses that appear in the inside network cloud. Global addresses are addresses that appear on the outside cloud. Because NAT is configured in this example to translate only inside addresses, the 'inside local' address is different from the 'inside global' address, while the 'outside local' and 'outside global' addresses are exactly the same.

 

The following figure shows the message when it is on the inside and outside network.

 

Understand more about local and global addresses in NAT Picture 3

Defining outside local and outside global addresses

In the next configuration example, when the NAT router receives a packet on its outside interface with a source address of 171.16.68.1, the address is translated to 10.10.10.5. This also means that if the NAT router receives a packet on its inside interface with a destination address of 10.10.10.5, that destination address will be translated to 171.16.68.1.

 

 

ip nat outside source static 171.16.68.1 10.10.10.5
! --- Outside device A is known on the inside cloud as 10.10.10.5.

interface s 0
 ip nat inside

interface s 1
 ip nat outside

 

When the internal device communicates with an external device, the addresses are defined as follows:

 

Inside Global    Inside Local    Outside Local    Outside Global
10.10.10.1       10.10.10.1      10.10.10.5       171.16.68.1

 

Local addresses are addresses that appear in the inside network cloud. Global addresses are addresses that appear on the outside cloud. Because NAT is configured in this example to translate only outside addresses, the 'outside local' address is different from the 'outside global' address, while the 'inside local' and 'inside global' addresses are exactly the same.

 

The following figure shows the message when it is on the inside and outside network.

Understand more about local and global addresses in NAT Picture 4

 

Defining both local and global addresses

In this final configuration example, the NAT router is configured to perform address translation as follows: when the router receives a packet on its inside interface with a source address of 10.10.10.1, this address is translated to 171.16.68.5. When the NAT router receives a packet on its outside interface with a source address of 171.16.68.1, the address is translated to 10.10.10.5.

This also means that when the NAT router receives a packet on its outside interface with a destination address of 171.16.68.5, the destination address is translated to 10.10.10.1. Likewise, when the NAT router receives a packet on its inside interface with a destination address of 10.10.10.5, the address is translated to 171.16.68.1.

 

 

ip nat inside source static 10.10.10.1 171.16.68.5
! --- Inside device A is known on the outside cloud as 171.16.68.5.

ip nat outside source static 171.16.68.1 10.10.10.5
! --- Outside device A is known on the inside cloud as 10.10.10.5.

interface s 0
 ip nat inside

interface s 1
 ip nat outside

 

When the internal device communicates with an external device, the addresses are defined as follows:

 

Inside Global    Inside Local    Outside Local    Outside Global
171.16.68.5      10.10.10.1      10.10.10.5       171.16.68.1

 

Again, note that a local address is an address that appears in the inside network and a global address is an address that appears on the outside network. In this case, because of how NAT is configured, both 'inside' and 'outside' addresses are translated, so the 'inside local' address is different from the 'inside global' address, and the 'outside local' address is also different from the 'outside global' address.

 

The following figure shows the message when it is on the inside and outside network.

 

Understand more about local and global addresses in NAT Picture 5

In short, the terms 'local' and 'global' are much easier to understand if we look at where the addresses appear in the network. A local address only appears in the 'inside' part of the network, while a global address only appears in the 'outside' part of the network. Depending on how NAT is configured, the global and local addresses on each side (inside or outside) may or may not be the same.
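
The three configurations above, modelled in Python so the address tables and the rewritten packet headers can be checked in both directions. This is an added example, not part of the original article and not Cisco code; the StaticNat class and its method names are hypothetical, and it models only the static one-to-one mappings shown above (no ports, pools or timeouts).

```python
"""Model of the article's static NAT rules (added example, hypothetical names)."""
from dataclasses import dataclass, field


@dataclass
class StaticNat:
    # ip nat inside source static <inside local> <inside global>
    inside: dict = field(default_factory=dict)
    # ip nat outside source static <outside global> <outside local>
    outside: dict = field(default_factory=dict)

    def in_to_out(self, src, dst):
        """Packet arriving on the 'ip nat inside' interface: local -> global."""
        outside_local_to_global = {l: g for g, l in self.outside.items()}
        return self.inside.get(src, src), outside_local_to_global.get(dst, dst)

    def out_to_in(self, src, dst):
        """Packet arriving on the 'ip nat outside' interface: global -> local."""
        inside_global_to_local = {g: l for l, g in self.inside.items()}
        return self.outside.get(src, src), inside_global_to_local.get(dst, dst)

    def terms(self, inside_host, outside_host):
        """Four NAT terms for a flow, given the address configured on each host."""
        return {
            "inside local": inside_host,
            "inside global": self.inside.get(inside_host, inside_host),
            "outside local": self.outside.get(outside_host, outside_host),
            "outside global": outside_host,
        }


# The three configurations from the article.
INSIDE_ONLY = StaticNat(inside={"10.10.10.1": "171.16.68.5"})
OUTSIDE_ONLY = StaticNat(outside={"171.16.68.1": "10.10.10.5"})
BOTH = StaticNat(inside={"10.10.10.1": "171.16.68.5"},
                 outside={"171.16.68.1": "10.10.10.5"})

if __name__ == "__main__":
    configs = [("inside only", INSIDE_ONLY), ("outside only", OUTSIDE_ONLY), ("both", BOTH)]
    for name, nat in configs:
        t = nat.terms("10.10.10.1", "171.16.68.1")
        # Header as the inside host sends it: inside local -> outside local.
        on_outside = nat.in_to_out(t["inside local"], t["outside local"])
        # Reply header as the outside host sends it: outside global -> inside global.
        on_inside = nat.out_to_in(t["outside global"], t["inside global"])
        print(name, t, "outside wire:", on_outside, "inside wire:", on_inside)
```

The out_to_in direction is also what maps an address seen in an outside capture or log back to the inside host it belongs to.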
