Cisco – About the inside local and outside local and inside global and outside global


I have a conceptual problem with NAT. Here is the Cisco definition of "local" and "global" and of the NAT operation.

Local address—A local address is any address that appears on the inside portion of the network.

Global address—A global address is any address that appears on the outside portion of the network.

Packets sourced on the inside portion of the network have an inside local address as the source address and an outside local address as the destination address of the packet, while the packet resides on the inside portion of the network. When that same packet gets switched to the outside network, the source of the packet is now known as the inside global address and the destination of the packet is known as the outside global address.

Conversely, when a packet is sourced on the outside portion of the network, while it is on the outside network, its source address is known as the outside global address. The destination of the packet is known as the inside global address. When the same packet gets switched to the inside network, the source address is known as the outside local address and the destination of the packet is known as the inside local address.

Ref: http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094837.shtml#defining

My question is: does the term "local" mean traffic on the LAN side of the network, and the term "global" mean traffic on the WAN side of the network?

And when I use the command "ip nat inside destination", do I set up a translation between an inside local address and an inside global address, and with the command "ip nat outside source", do I set up a translation between an outside local address and an outside global address? Is this correct?

Last one: why don't we need to set up NAT between the outside local and inside global, or NAT between the outside global and inside local?

Best Answer

Usually NAT is used to translate from private to public IP addresses, but this is not the only use case. You can also translate between any addresses you want, such as private to private.

The terms local and global most often refer to the inside and outside of your network but this doesn't mean that it MUST be LAN and WAN although it often is.

So say that we have a webserver on our LAN with the IP 10.0.0.1. We want the webserver to be accessible from a public IP of 130.130.130.130.

ip nat inside source static 10.0.0.1 130.130.130.130

What this does is translate all packets from 10.0.0.1 (source IP) to a source of 130.130.130.130 when they exit the outside interface. This command is bidirectional, so all packets entering the outside interface with a destination IP of 130.130.130.130 will also get translated to 10.0.0.1.

The ip nat inside destination command translates from inside global to one or several inside locals. This is primarily used to do primitive load sharing.

ip nat inside destination list 1 pool real-hosts
ip nat pool real-hosts 10.0.0.1 10.0.0.3 prefix-length 24 type rotary
access-list 1 permit 130.130.130.130

What this does is translate from 130.130.130.130 to 10.0.0.1, 10.0.0.2 and 10.0.0.3 in a rotary fashion. So every incoming request to the inside global IP of 130.130.130.130 is translated to a different inside local address in a round-robin fashion.

ip nat outside source static translates between outside global and outside local IPs. One common use case is overlapping subnets, for example if you are doing a merger and both companies use the same IP subnets. So say that both company A and company B are using 10.0.0.0/24 for something. You are working for company A and you want to translate all of 10.0.0.0/24 on the outside to 192.168.0.0/24.

ip nat outside source static network 10.0.0.0 192.168.0.0 /24

Then you would have to do the same for traffic going from the inside to the outside of course.

Regarding your last question, it only really makes sense to translate either the source or the destination of the packet. What you are suggesting sounds like some kind of policy routing. You can use inside and outside NAT to do everything you need.
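As an added illustration (not part of the answer above, and not Cisco code), the following constructed Python model applies the four-address terminology to the three commands in the answer: it rewrites a packet's source and destination as it crosses from inside to outside and back, including the bidirectional static mapping and the rotary pool. The `company_a_router` helper, the method names and the sample address 198.51.100.7 are assumptions made for this example.

```python
from itertools import cycle
from ipaddress import ip_address, ip_network

class NatRouter:
    """Constructed model of the inside/outside local/global terminology."""
    def __init__(self):
        self.inside_source = {}    # inside local -> inside global (static)
        self.rotary = None         # (inside global, round-robin inside locals)
        self.outside_source = []   # (outside global net, outside local net)

    def inside_source_static(self, inside_local, inside_global):
        self.inside_source[inside_local] = inside_global

    def inside_destination_rotary(self, inside_global, inside_locals):
        self.rotary = (inside_global, cycle(inside_locals))

    def outside_source_static_network(self, outside_global, outside_local, prefix):
        self.outside_source.append((ip_network(f"{outside_global}/{prefix}"),
                                    ip_network(f"{outside_local}/{prefix}")))

    @staticmethod
    def _map(addr, from_net, to_net):
        # Static network translation: keep the host part, swap the network part.
        offset = int(ip_address(addr)) - int(from_net.network_address)
        return str(to_net.network_address + offset)

    def inside_to_outside(self, src, dst):
        # Source: inside local -> inside global. Destination: outside local -> outside global.
        src = self.inside_source.get(src, src)
        for glob_net, local_net in self.outside_source:
            if ip_address(dst) in local_net:
                dst = self._map(dst, local_net, glob_net)
        return src, dst

    def outside_to_inside(self, src, dst):
        # Source: outside global -> outside local. Destination: inside global -> inside local.
        for glob_net, local_net in self.outside_source:
            if ip_address(src) in glob_net:
                src = self._map(src, glob_net, local_net)
        if self.rotary and dst == self.rotary[0]:
            dst = next(self.rotary[1])   # rotary pool: next real host per request
        else:                             # reverse of the static inside source entry
            dst = {g: l for l, g in self.inside_source.items()}.get(dst, dst)
        return src, dst

def company_a_router():
    # Hypothetical company A box from the answer: web server 10.0.0.1 reachable as
    # 130.130.130.130, and company B's overlapping 10.0.0.0/24 seen as 192.168.0.0/24.
    r = NatRouter()
    r.inside_source_static("10.0.0.1", "130.130.130.130")
    r.outside_source_static_network("10.0.0.0", "192.168.0.0", 24)
    return r
```

A host on the inside addresses company B's 10.0.0.5 as the outside local 192.168.0.5; on the wire the packet carries inside global 130.130.130.130 to outside global 10.0.0.5, and the reply is translated back symmetrically.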