Source and Destination NAT

Hi,

Can you explain Source and Destination NAT in ASA and also in IOS with a scenario… Please…

Hi Sushanth,

Source NAT is typically used for Internet access where we translate the source address of a host to the public IP address of our router. Here is an example for Cisco IOS and ASA:

Destination NAT is typically used for load balancing. We translate the destination when the packet goes from the outside to the inside. I don’t have a complete lesson for this but here is a quick example for Cisco IOS. Here’s the config of the NAT router:

hostname R1
!
ip cef
!
interface GigabitEthernet0/1
 ip address 192.168.12.254 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/2
 ip address 192.168.1.254 255.255.255.0
 ip nat outside
!
!
ip nat pool TELNET_SERVERS 192.168.12.1 192.168.12.2 prefix-length 24 type rotary
ip nat inside destination list PUBLIC_IP pool TELNET_SERVERS
!
ip access-list standard PUBLIC_IP
 permit 172.16.1.1
!
end

We have two telnet servers, 192.168.12.1 and 192.168.12.2. This router can use 172.16.1.1 on the outside; this could be a public IP.

When a device on the outside (192.168.1.1) connects to 172.16.1.1, the first time you get:

R1#
NAT*: s=192.168.1.1, d=172.16.1.1->192.168.12.1 [47462]

And the second time:

R1#
NAT*: s=192.168.1.1, d=172.16.1.1->192.168.12.2 [11370]

So it gets load balanced to 192.168.12.1 first, then to 192.168.12.2.

Hope this is helpful!

Rene

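The check below is an added example, not part of the original posts: it parses `debug ip nat` lines in the format shown above and tallies which real server each packet to 172.16.1.1 was translated to, listing any translation that falls outside the TELNET_SERVERS range. The function names and the third log line are assumptions constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Constructed sample: the two debug lines from the post plus one made-up repeat.
SAMPLE_LOG = """\
R1#
NAT*: s=192.168.1.1, d=172.16.1.1->192.168.12.1 [47462]
R1#
NAT*: s=192.168.1.1, d=172.16.1.1->192.168.12.2 [11370]
NAT*: s=192.168.1.1, d=172.16.1.1->192.168.12.1 [47463]
"""

POOL = ("192.168.12.1", "192.168.12.2")  # first/last address of pool TELNET_SERVERS
VIP = "172.16.1.1"                       # address permitted by ACL PUBLIC_IP

# "NAT*:" is the fast-switched form; "NAT:" (no asterisk) is process-switched.
# Either the source or the destination may carry an "old->new" translation.
LINE_RE = re.compile(
    r"NAT\*?: s=(?P<src>[\d.]+)(?:->(?P<src_x>[\d.]+))?, "
    r"d=(?P<dst>[\d.]+)(?:->(?P<dst_x>[\d.]+))? \[(?P<ip_id>\d+)\]"
)

def parse_nat_debug(text):
    """Return one dict per NAT debug line; prompts and other lines are skipped."""
    return [m.groupdict() for m in map(LINE_RE.search, text.splitlines()) if m]

def audit_destination_nat(text, vip=VIP, pool=POOL):
    """Count logged packets per real server for traffic sent to the VIP.

    Returns (Counter of translated destinations inside the pool,
             list of records translated to an address outside the pool).
    """
    lo, hi = ip_address(pool[0]), ip_address(pool[1])
    per_server, unexpected = Counter(), []
    for rec in parse_nat_debug(text):
        if rec["dst"] != vip or rec["dst_x"] is None:
            continue  # not a destination translation of the VIP
        if lo <= ip_address(rec["dst_x"]) <= hi:
            per_server[rec["dst_x"]] += 1
        else:
            unexpected.append(rec)
    return per_server, unexpected

if __name__ == "__main__":
    counts, odd = audit_destination_nat(SAMPLE_LOG)
    print(dict(counts), "outside pool:", odd)
```

The debug output is logged per packet, so the counts reflect packets seen rather than distinct sessions.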