NAT: Inside vs. Outside

[polm]

Why would I choose to create my NAT using Inside --> Outside translation, versus Outside --> Inside?

It seems that once a translation is establised, it works both ways.

Is the primary question: Who will be initiating the traffic?

I've gone through this doc : http://www.cisco.com/en/US/tech/tk648/t...logies_tech_note09186a0080094837.shtml

and this doc : http://www.cisco.com/en/US/tech/tk648/t...guration_example09186a0080093f8e.shtml

and this one : http://www.cisco.com/en/US/tech/tk648/t...logies_tech_note09186a0080133ddd.shtml

I'm still confused

 

[polm]

"there are no entries in the translation table until the router (configured for NAT) verifies the translation criteria of the packet"

--Summary (bottom of page)

But, How do I decide which side should be 'inside' and which should be 'outside' ?

 

[polm]

My new line of thinking :

In terms of deciding which interface will be defined as "ip nat inside" vs. "ip nat outside":

Inside = Private (concealed)

Outside = Public (exposed)

It's all about visibility. Who sees who, and how are they seen. Right ?

Obviously in a situation where RFC 1918 private IP's are trying to access public internet addresses the setup is pretty straightforward.

And in an overlap situation where 2 identical networks need connectivity, a double NAT is required.

But ther are other applications for NAT and PAT, and it's these more unlikely situations that I find myself a bit unsure about choosing 'inside' vs. 'outside'.

 

[spidey07]

correct.

It has to do with how the tranlsation is formed and in what direction.