How to configure Static NAT on Cisco IOS Router

Hello Shivam

Take a look at this lesson that talks about the difference.

Once again, take a look at the lesson linked above, it shows the process step by step and explains the differences and how each one is used.

This is the topology of the lesson:


In the NAT translation taking place from Host to Web1, the 192.168.12.1 address (of the host) is considered the inside local address. The 192.168.23.2 address is the inside global address. For more information on these naming conventions, take a look at this NetworkLessons note on the topic.

The ip nat outside source is applied for traffic that originates on the outside, and is destined for the inside. In other words, according to your second topology, it would be applied to traffic originated by the 10.0.0.51 host destined for the 10.0.0.50 host. Such a NAT configuration would do two things:

  • Translate the source of the IP packets that travel outside to inside.
  • Translate the destination of the IP packets that travel inside to outside.

So when the packet from the .51 (outside) host traverses the NAT router, the source IP address (that of the outside host) is changed in the packet to 8.0.0.50. So the .50 host sees that the packet came from 8.0.0.50, which is outside of its own subnet.
When the .50 host (inside) sends a packet back, and it traverses the NAT router, the destination IP is changed. So it’s changed back from 8.0.0.50 to 10.0.0.51.

In other words, on the way from outside to inside, the Outside Global address is translated to a different Outside Local address. On the way back, the opposite happens.

The above describes what the ip nat outside source static 10.0.0.51 8.0.0.50 command does. The ip nat inside source static 10.0.0.50 9.0.0.50 command, on the other hand, translates the inside local to the inside global address in much the same way. Does that make sense?

The ip nat inside and ip nat outside interface level commands are used to simply indicate which interfaces are considered outside interfaces and which are considered inside interfaces (as far as NAT is concerned). These commands act as labels.

When you then issue an ip nat inside/outside source command, it uses the labeled inside and outside interfaces to know how to deal with packets that arrive on those interfaces. If a packet arrives on a port marked as “inside” then the NAT source statement acts upon the packet in accordance with the “inside” or “outside” operation based on the nature of the specific port.

I hope this has been helpful!

Laz
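
The two static entries discussed in the reply above can be traced packet by packet with a small model. This is an added example, not part of the original post and not Cisco code; it ignores routing and ports, and it assumes the outside host addresses the inside host by its inside global address 9.0.0.50.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


# Static entries taken from the two commands quoted in the post.
# ip nat inside source static 10.0.0.50 9.0.0.50  (inside local -> inside global)
INSIDE_STATIC = {"10.0.0.50": "9.0.0.50"}
# ip nat outside source static 10.0.0.51 8.0.0.50 (outside global -> outside local)
OUTSIDE_STATIC = {"10.0.0.51": "8.0.0.50"}


def _invert(table):
    return {v: k for k, v in table.items()}


def translate(pkt, arrived_on):
    """Rewrite a packet according to the NAT label of its ingress interface.

    Addresses with no static entry pass through unchanged.
    """
    if arrived_on == "outside":
        # Source: outside global -> outside local.
        # Destination: inside global -> inside local.
        src = OUTSIDE_STATIC.get(pkt.src, pkt.src)
        dst = _invert(INSIDE_STATIC).get(pkt.dst, pkt.dst)
    elif arrived_on == "inside":
        # Source: inside local -> inside global.
        # Destination: outside local -> outside global.
        src = INSIDE_STATIC.get(pkt.src, pkt.src)
        dst = _invert(OUTSIDE_STATIC).get(pkt.dst, pkt.dst)
    else:
        raise ValueError("arrived_on must be 'inside' or 'outside'")
    return Packet(src, dst)


def round_trip():
    """Follow a request from the .51 host and the reply from the .50 host."""
    request = Packet(src="10.0.0.51", dst="9.0.0.50")  # assumed destination
    seen_by_inside = translate(request, "outside")
    reply = Packet(src=seen_by_inside.dst, dst=seen_by_inside.src)
    seen_by_outside = translate(reply, "inside")
    return seen_by_inside, seen_by_outside


if __name__ == "__main__":
    for label, pkt in zip(("inside host sees", "outside host sees"), round_trip()):
        print(f"{label}: {pkt.src} -> {pkt.dst}")
```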