NAT: Local and Global Definitions

Term Definitions:

Cisco defines these terms as follows:
  • Inside local address - The IP address assigned to a host on the inside network. This is the address configured as a parameter of the computer’s OS or received via dynamic address allocation protocols such as DHCP. The address is likely not a legitimate IP address assigned by the Network Information Center (NIC) or service provider.
  • Inside global address - A legitimate IP address assigned by the NIC or service provider that represents one or more inside local IP addresses to the outside world.
  • Outside local address - The IP address of an outside host as it appears to the inside network. Not necessarily a legitimate address, it is allocated from an address space routable on the inside.
  • Outside global address - The IP address assigned to a host on the outside network by the host’s owner. The address is allocated from a globally routable address or network space.
The above definitions still leave a lot to be interpreted. For this example, this document redefines these terms by first defining "local address" and "global address." Keep in mind that the terms "inside" and "outside" are NAT definitions. Interfaces on a NAT router are defined as "inside" or "outside" with the NAT configuration commands, ip nat inside and ip nat outside. Networks to which these interfaces connect can then be thought of as "inside" networks or "outside" networks, respectively.
  • Local address - A local address is any address that appears on the "inside" portion of the network.
  • Global address - A global address is any address that appears on the "outside" portion of the network.
Packets sourced on the "inside" portion of the network have an "inside local address" as the source address and an "outside local address" as the destination address of the packet, while the packet resides on the "inside" portion of the network. When that same packet gets switched to the "outside" network, the source of the packet is now known as the "inside global address" and the destination of the packet is known as the "outside global address."
Conversely, when a packet is sourced on the "outside" portion of the network, while it is on the "outside" network, its source address is known as the "outside global address." The destination of the packet is known as the "inside global address." When the same packet gets switched to the "inside" network, the source address is known as the "outside local address" and the destination of the packet is known as the "inside local address."
This image provides an example.
[Figure: 8a.gif]
Examples
These sections examine these terms more closely using the following topology and examples.
[Figure: 8b.gif]
Define Inside Local and Inside Global Addresses
In the configuration below, when the NAT router receives a packet on its inside interface with a source address of 10.10.10.1, the source address is translated to 171.16.68.5. This also means that when the NAT router receives a packet on its outside interface with a destination address of 171.16.68.5, the destination address is translated to 10.10.10.1.
ip nat inside source static 10.10.10.1 171.16.68.5
!--- Inside device A is known by the outside cloud as 171.16.68.5.
interface s 0
ip nat inside

interface s 1
ip nat outside

When the inside device is communicating with the outside device, the addresses are defined in this way:
Inside Global   Inside Local   Outside Local   Outside Global
171.16.68.5     10.10.10.1     171.16.68.1     171.16.68.1
As mentioned before, the local addresses are addresses that appear on the inside cloud. Global addresses are addresses that appear on the outside cloud. Because of the way NAT is configured, the inside addresses are the only addresses that are translated; therefore, the "inside local" address is different from the "inside global" address, while the "outside local" address is the same as the "outside global" address.
The following is what the packets look like when they are on the inside network and on the outside network.
[Figure: 8c.gif]
Define Outside Local and Outside Global Addresses
In the next configuration, when the NAT router receives a packet on its outside interface with a source address of 171.16.68.1, the source address is translated to 10.10.10.5. This also means that if the NAT router receives a packet on its inside interface with a destination address of 10.10.10.5, the destination address is translated to 171.16.68.1.
ip nat outside source static 171.16.68.1 10.10.10.5
!--- Outside device A is known to the inside cloud as 10.10.10.5.
interface s 0
ip nat inside

interface s 1
ip nat outside

When Outside Device A is communicating with Inside Device A, the addresses are defined in the following way:
Inside Global   Inside Local   Outside Local   Outside Global
10.10.10.1      10.10.10.1     10.10.10.5      171.16.68.1
The local addresses are addresses that appear on the inside cloud. Global addresses are addresses that appear on the outside cloud. In this example, because of the way NAT is configured, only the outside addresses get translated; therefore, the "outside local" address is different from the "outside global" address, while the "inside local" address is the same as the "inside global" address.
The following is what the packets look like when they are on the inside network and on the outside network.
[Figure: 8d.gif]
Define All Local and Global Addresses
In the final configuration, when the NAT router receives a packet on its inside interface with a source address of 10.10.10.1, the source address is translated to 171.16.68.5. When the NAT router receives a packet on its outside interface with a source address of 171.16.68.1, the source address is translated to 10.10.10.5.
This also means that when the NAT router receives a packet on its outside interface with a destination address of 171.16.68.5, the destination address is translated to 10.10.10.1. Also, when the NAT router receives a packet on its inside interface with a destination address of 10.10.10.5, the destination address is translated to 171.16.68.1.

ip nat inside source static 10.10.10.1 171.16.68.5
!--- Inside device A is known to the outside cloud as 171.16.68.5.
ip nat outside source static 171.16.68.1 10.10.10.5
!--- Outside device A is known to the inside cloud as 10.10.10.5.
interface s 0
ip nat inside

interface s 1
ip nat outside

If Inside Device A were communicating with Outside Device A the addresses would be defined in the following way:
Inside Global   Inside Local   Outside Local   Outside Global
171.16.68.5     10.10.10.1     10.10.10.5      171.16.68.1
Notice once again that the local addresses are addresses that appear on the inside cloud, and that global addresses are addresses that appear on the outside cloud. In this particular case, because of the way NAT is configured, both the "inside" addresses and the "outside" addresses are translated; therefore the "inside local" addresses are different from the "inside global" addresses and the "outside local" addresses are different from the "outside global" addresses.
The following is what the packets look like when they are on the inside network and on the outside network.
[Figure: 8e.gif]
In summary, the terms "local" and "global" are actually quite straightforward when we think of them in terms of where they appear in the network. Local addresses appear on the "inside" portion of the network while global addresses appear on the "outside" portion of the network. Also, depending on how NAT is configured, the local and global addresses for each (inside and outside) may be, or may not be, the same.
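The three configurations above can be modelled as two static maps, which is handy when matching the same flow in logs or captures taken on both sides of the NAT router. The following Python sketch is an added example, not Cisco code; the class StaticNat and its method names are hypothetical, and only the addresses come from the examples above.

```python
from dataclasses import dataclass, field

@dataclass
class StaticNat:
    """Hypothetical model of the static NAT entries used in the examples above."""
    inside_src: dict = field(default_factory=dict)   # ip nat inside source static: inside local -> inside global
    outside_src: dict = field(default_factory=dict)  # ip nat outside source static: outside global -> outside local

    def to_outside(self, src, dst):
        """Packet switched inside -> outside: (inside local, outside local)
        becomes (inside global, outside global)."""
        outside_local_to_global = {l: g for g, l in self.outside_src.items()}
        return (self.inside_src.get(src, src), outside_local_to_global.get(dst, dst))

    def to_inside(self, src, dst):
        """Packet switched outside -> inside: (outside global, inside global)
        becomes (outside local, inside local)."""
        inside_global_to_local = {g: l for l, g in self.inside_src.items()}
        return (self.outside_src.get(src, src), inside_global_to_local.get(dst, dst))

    def terms(self, inside_host, outside_host):
        """The four NAT terms for a flow between an inside host (given by its
        local address) and an outside host (given by its global address)."""
        return {
            "inside global": self.inside_src.get(inside_host, inside_host),
            "inside local": inside_host,
            "outside local": self.outside_src.get(outside_host, outside_host),
            "outside global": outside_host,
        }

# Addresses taken from the three configurations on this page.
INSIDE_A, OUTSIDE_A = "10.10.10.1", "171.16.68.1"
inside_only = StaticNat(inside_src={INSIDE_A: "171.16.68.5"})
outside_only = StaticNat(outside_src={OUTSIDE_A: "10.10.10.5"})
both = StaticNat(inside_src={INSIDE_A: "171.16.68.5"},
                 outside_src={OUTSIDE_A: "10.10.10.5"})

if __name__ == "__main__":
    for name, nat in [("inside only", inside_only), ("outside only", outside_only), ("both", both)]:
        t = nat.terms(INSIDE_A, OUTSIDE_A)
        print(f"{name:13}", ", ".join(f"{k}={v}" for k, v in t.items()))
        # Inside device A addresses outside device A by its outside local address.
        print("  inside -> outside:", nat.to_outside(INSIDE_A, t["outside local"]))
        # Outside device A addresses inside device A by its inside global address.
        print("  outside -> inside:", nat.to_inside(OUTSIDE_A, t["inside global"]))
```

An address with no matching entry passes through unchanged, which is why the untranslated side has identical local and global values in the first two tables.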
From : www.cisco.com