NAT Extendable on Cisco IOS

This topic is to discuss the following lesson:

If the 1st rule will always be used for NAT, then what is the use of the 2nd rule, please?

Hello Mohanad

For traffic that originates from S1 and goes to the Internet, it will always use the first NAT rule. But for traffic coming from the Internet, the translation works for both 192.168.12.100 and 192.168.13.100.

So the benefit of the second command is for incoming traffic.

I hope this has been helpful!

Laz


Can you check if my explanation below is correct?
After R1 receives a ping packet from S1, R1 does routing first and then NAT.

  • Routing first: for destination 192.168.13.3, R1 will use the outgoing interface G0/3
  • Then NAT: [s=192.168.1.1, d=192.168.13.3] → [s=192.168.12.100, d=192.168.13.3]
    After ISP2 receives the traffic from R1, ISP2 won’t be able to reply as it doesn’t know how to reach 192.168.12.100

Another question is:
Is there a way to make sure that when we ping 192.168.13.3 from S1, the ping will work? If Cisco already implemented the “extendable” keyword, they should have implemented a way to make the ping work too. It doesn’t make much sense to me.

Hello Nguyen

Yes, the explanation is correct. Routing will cause the exit interface to be Gi0/3 while the first NAT statement will cause the source address to be translated to 192.168.12.100, which causes the ISP2 router to drop the packet, since it has no route to that destination.

The purpose of the extendable keyword here is to allow multiple OUTSIDE to INSIDE NAT translations to take place to the same inside host address. This is useful because users on the Internet can be routed via either ISP to reach that host. However, having the host reach the Internet via two different ISPs is not a problem that the extendable keyword is used to solve. If you want to achieve this, for redundancy for example, there are other ways to do it such as SDWAN, redundant routing, or LAG.

I hope this has been helpful!

Laz
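To illustrate both answers above (first rule wins for inside-to-outside, any rule matches for outside-to-inside, and why the ping toward ISP2 fails), here is a small Python model added to this thread; it is not code from the lesson or from Cisco. The NAT addresses are the ones discussed in the thread; the routing tables, the Gi0/2 interface toward ISP1 and the ISP2 next hop are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Models the two statements discussed in the thread:
#   ip nat inside source static 192.168.1.1 192.168.12.100 extendable
#   ip nat inside source static 192.168.1.1 192.168.13.100 extendable
NAT_TABLE = [
    ("192.168.1.1", "192.168.12.100"),
    ("192.168.1.1", "192.168.13.100"),
]

# Constructed routing tables (assumptions, not from the lesson):
# R1 reaches ISP1's subnet via Gi0/2 and ISP2's subnet via Gi0/3;
# each ISP only knows its own link subnet.
R1_ROUTES = {"192.168.12.0/24": "Gi0/2", "192.168.13.0/24": "Gi0/3"}
ISP1_ROUTES = {"192.168.12.0/24": "Gi0/0"}
ISP2_ROUTES = {"192.168.13.0/24": "Gi0/0"}

def lookup(routes, dst):
    """Longest-prefix match; None means no route, i.e. the packet is dropped."""
    best = None
    for prefix, iface in routes.items():
        net = ip_network(prefix)
        if ip_address(dst) in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, iface)
    return best[1] if best else None

def translate_outbound(src):
    """Inside -> outside: the first matching rule wins, whatever the exit interface."""
    for local, glob in NAT_TABLE:
        if local == src:
            return glob
    return src

def translate_inbound(dst):
    """Outside -> inside: any rule whose inside global address matches is used."""
    for local, glob in NAT_TABLE:
        if glob == dst:
            return local
    return dst

def ping_from_s1(dst, s1="192.168.1.1"):
    """S1 -> dst on R1: route first, then NAT; then ask whether the far-end
    router can route a reply back to the translated source address."""
    egress = lookup(R1_ROUTES, dst)
    if egress is None:
        return {"egress": None, "translated_src": None, "reply_routable": False}
    nat_src = translate_outbound(s1)
    far_end = ISP2_ROUTES if egress == "Gi0/3" else ISP1_ROUTES
    return {"egress": egress, "translated_src": nat_src,
            "reply_routable": lookup(far_end, nat_src) is not None}
```

Pinging 192.168.13.3 leaves via Gi0/3 but is still translated to 192.168.12.100, which ISP2 cannot route back; inbound packets to either global address reach 192.168.1.1.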

Hello,
Can we use the same public IP also with the parameter extendable?
Example:

ip nat inside source static 192.168.1.10 192.168.12.100 extendable
ip nat inside source static 192.168.1.20 192.168.12.100 extendable

Thanks

Hello Ioac

No, you cannot use the same public IP address for two different private IP addresses in this manner. The NAT process is designed to map each private IP to a unique public IP. This is necessary to correctly route return packets to the appropriate private IP. If you were to issue the two commands in your post, the second command would overwrite the first.

The extendable keyword allows the router to map a single private address to multiple public addresses, and not the other way around.

However, if you want to map multiple private addresses to a single public address, then you would use the “overload” feature of NAT, which is essentially PAT. For more information about PAT take a look at this lesson:

I hope this has been helpful!

Laz

Hi Laz,
Great, thanks.