Dynamic Translations
Dynamic translations use access list rules to determine whether to apply NAT to
incoming traffic, and NAT address pools from which a NAT translation can obtain
IP addresses. You use dynamic translation when you want the NAT router to initiate
and manage address translation and session flows between address realms on
demand.
Order of Operations
This section describes the order of operations for both inside-to-outside and
outside-to-inside translation.
Inside-to-Outside Translation
Inside-to-outside translation occurs in the following order:
1. Inside (privately addressed) traffic enters the router on an interface marked as
   inside.
2. A route lookup is performed.
3. If the next interface is marked as outside, the router sends the traffic to the server
   module.
4. The server module performs the appropriate translation.
5. The router forwards the packet to the appropriate egress line module.
6. The line module sends the packet as outbound traffic using a globally unique
   source address (inside source translation), destination address (outside source
   translation), and ports (NAPT).
Outside-to-Inside Translation
Outside-to-inside translation occurs in the following order:
1. Traffic from the outside, public domain enters the router.
2. All traffic from an interface that is marked outside, whether or not it requires
   NAT, is sent to the server module.
3. The server module searches for an associated NAT match.
4. If the server module:
   - Finds a NAT match, and the destination interface is marked as inside, the
     server module performs the appropriate translation and sends the packet
     to the appropriate destination.
   - Does not find a NAT match, and the destination interface is marked as inside,
     the server module drops the packet.
   - Does not find a NAT match, and the destination interface is not marked as
     inside, the server module processes the packet normally for its destination.
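The following Python model is an added example, not code from this guide or from the router software. It walks both orders of operations for address-only dynamic translation (no NAPT ports) and shows that outside traffic to an inside address is dropped until an inside host has created a translation. The class name, networks, pool addresses, the "untranslated" result for traffic the access list does not select, and the drop on pool exhaustion are assumptions of the model.

```python
import ipaddress

# Constructed sample values (not from the page): inside realm, access list rule, pool.
INSIDE_NET = ipaddress.ip_network("10.0.0.0/8")
ACL_PERMIT = ipaddress.ip_network("10.1.0.0/16")
POOL = ["203.0.113.10", "203.0.113.11"]

class DynamicNat:
    """Toy model of the server module's dynamic translation table."""

    def __init__(self, acl, pool, inside_net):
        self.acl, self.free, self.inside_net = acl, list(pool), inside_net
        self.to_global = {}   # inside address -> pool address
        self.to_inside = {}   # pool address -> inside address

    def is_inside(self, addr):
        # Stand-in for "route lookup says the interface is marked inside".
        return ipaddress.ip_address(addr) in self.inside_net

    def inside_to_outside(self, src, dst):
        if self.is_inside(dst):
            return ("forward", src, dst)       # next interface is not outside
        if ipaddress.ip_address(src) not in self.acl:
            return ("untranslated", src, dst)  # access list does not select it
        if src not in self.to_global:
            if not self.free:
                return ("drop", src, dst)      # model assumption: pool exhausted
            addr = self.free.pop(0)
            self.to_global[src], self.to_inside[addr] = addr, src
        return ("translate", self.to_global[src], dst)

    def outside_to_inside(self, src, dst):
        match = self.to_inside.get(dst)        # search for a NAT match
        if match is not None:
            return ("translate", src, match)   # match: rewrite destination
        if self.is_inside(dst):
            return ("drop", src, dst)          # no match, inside destination
        return ("forward", src, dst)           # no match, not inside: normal

def demo():
    nat = DynamicNat(ACL_PERMIT, POOL, INSIDE_NET)
    before = nat.outside_to_inside("198.51.100.7", "10.1.2.3")
    out = nat.inside_to_outside("10.1.2.3", "198.51.100.7")
    reply = nat.outside_to_inside("198.51.100.7", out[1])
    return before, out, reply

if __name__ == "__main__":
    for step in demo():
        print(step)
```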
Chapter 2: Configuring NAT