
Confused about port numbers with PAT


Coco Lugo
06-26-2009, 10:11 AM
Hi All,

I was doing lab 11.3 (Configuring PAT) on page 694, and I'm confused at the output I get when I issue a 'sh ip nat translations' from Lab A after telnetting from C->ISP and B->ISP:

Lab_A#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
tcp 171.16.10.100:1024 192.168.20.2:1030 171.16.10.1:23 171.16.10.1:23
tcp 171.16.10.100:1030 192.168.30.2:1030 171.16.10.1:23 171.16.10.1:23

The inside port numbers are confusing me. For the connection from 20.2, the inside local and inside global port numbers are different (1030 and 1024). But for the connection from 30.2, the inside local and inside global port numbers are the same (1030).

Can someone please explain why that is?

Thanks!

Fuzz
06-27-2009, 04:10 PM
The local port numbers used for translation are the same (1030), so for port translation to work correctly, it must translate them as well, so it uses 1024 and 1030.

Coco Lugo
06-28-2009, 08:54 PM
I appreciate the reply, but I'm still confused... Can you elaborate?

pconlan
06-28-2009, 10:58 PM
I think that, to clear up the source of your confusion, we should make sure that you fully understand the terms and what is happening.
The term inside local means two things. First, the inside part specifies the interface from which the translation is occurring. The inside interface is designated by using the ip nat inside command on the interface. So for both inside local and inside global the inside portion means the same thing. That leaves the local and global portions. Local means the local address on the subnet before translation. Global means the address after translation, which you have specified.
Now, in this example there are two source hosts, 20.2 and 30.2; that is their layer 3 address. At layer 4 the port number that both of them are using happens to be 1030. Remember, this is an example; the likelihood of that being the case every time is slim. You will probably see those source port numbers be different.
The global side port numbers have to be different in the case of PAT because the router is using the port numbers to keep each of the sessions from the local side unique. There is only one IP address for the router to use on the global side of the translation. Since the IP address will appear the same to all the hosts outside of the router, that port number will keep them unique.
Now think about the traffic returning to the router from the outside hosts. In this example the outside host is 171.16.10.1. When that host sends traffic back to the router, the destination port numbers will be different for each session. That port number is how the router knows which inside host to send the traffic back to.
Hope that helps.
Pat
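
The mechanism pconlan describes, as an added worked example that is not part of any post in this thread and not Cisco's code: a toy PAT translation table in Python. It assumes the Lab_C session (192.168.30.2) was set up before the Lab_B session (192.168.20.2), which is the order the original poster telnetted in and matches the lab output; it also assumes the router keeps a host's own source port when that port is still free and otherwise hands out the lowest free port from a 1024-65535 pool. The port-pool policy is an assumption of this example, not a statement about a specific IOS version. The inbound lookup shows the other half of the point: a packet from the outside that matches no entry has nowhere to go and is dropped.

```python
"""Toy PAT (NAT overload) table: one inside-global address, many inside hosts.

Constructed scenario: 192.168.30.2 and 192.168.20.2 both pick TCP source
port 1030 to telnet to 171.16.10.1; the router owns 171.16.10.100.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

PORT_MIN, PORT_MAX = 1024, 65535  # assumed pool of inside-global ports

Endpoint = Tuple[str, int]  # (ip, port)


@dataclass(frozen=True)
class Entry:
    proto: str
    inside_local: Endpoint   # host's real address and port (before translation)
    inside_global: Endpoint  # what the outside host sees (after translation)
    outside: Endpoint        # outside local == outside global here (no outside NAT)


@dataclass
class PatTable:
    global_ip: str
    # Keyed by (proto, inside-global port): the port is what keeps sessions unique.
    entries: Dict[Tuple[str, int], Entry] = field(default_factory=dict)

    def _pick_global_port(self, proto: str, wanted: int) -> int:
        """Keep the host's own source port when nothing else is using it;
        otherwise hand out the lowest free port in the pool (assumed policy)."""
        if PORT_MIN <= wanted <= PORT_MAX and (proto, wanted) not in self.entries:
            return wanted
        for port in range(PORT_MIN, PORT_MAX + 1):
            if (proto, port) not in self.entries:
                return port
        raise RuntimeError("PAT port pool exhausted")

    def outbound(self, proto: str, src_ip: str, src_port: int,
                 dst_ip: str, dst_port: int) -> Endpoint:
        """Translate a packet leaving the inside interface.
        Returns the inside-global (ip, port) the outside host will see."""
        for entry in self.entries.values():
            if (entry.proto, entry.inside_local, entry.outside) == \
                    (proto, (src_ip, src_port), (dst_ip, dst_port)):
                return entry.inside_global  # existing session: reuse its mapping
        gport = self._pick_global_port(proto, src_port)
        entry = Entry(proto, (src_ip, src_port), (self.global_ip, gport), (dst_ip, dst_port))
        self.entries[(proto, gport)] = entry
        return entry.inside_global

    def inbound(self, proto: str, src_ip: str, src_port: int,
                dst_port: int) -> Optional[Endpoint]:
        """Translate a packet arriving on the outside interface for
        global_ip:dst_port. The destination port alone selects the session;
        no matching entry means the packet is dropped (None)."""
        entry = self.entries.get((proto, dst_port))
        if entry is None or entry.outside != (src_ip, src_port):
            return None
        return entry.inside_local

    def show(self) -> str:
        """Render the table in the layout of 'show ip nat translations'."""
        lines = ["Pro Inside global         Inside local          Outside local       Outside global"]
        for (_, _), e in sorted(self.entries.items(), key=lambda kv: kv[0]):
            ig = "%s:%d" % e.inside_global
            il = "%s:%d" % e.inside_local
            out = "%s:%d" % e.outside
            lines.append("%-3s %-21s %-21s %-19s %s" % (e.proto, ig, il, out, out))
        return "\n".join(lines)


if __name__ == "__main__":
    table = PatTable("171.16.10.100")
    # Lab_C's telnet session is established first, then Lab_B's (assumed order).
    table.outbound("tcp", "192.168.30.2", 1030, "171.16.10.1", 23)  # keeps 1030
    table.outbound("tcp", "192.168.20.2", 1030, "171.16.10.1", 23)  # 1030 taken -> 1024
    print(table.show())
    # Return traffic from the ISP: only the destination port picks the inside host.
    print(table.inbound("tcp", "171.16.10.1", 23, 1024))  # ('192.168.20.2', 1030)
    print(table.inbound("tcp", "171.16.10.1", 23, 1030))  # ('192.168.30.2', 1030)
    print(table.inbound("tcp", "171.16.10.1", 23, 5555))  # None: no session, dropped
```

Running the block prints a two-row table in which both inside-local entries carry port 1030 while the inside-global ports are 1030 and 1024, exactly the situation in the original post; the two inbound calls then show the router picking the right inside host purely from the destination port.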

Coco Lugo
06-30-2009, 03:58 PM
Thanks! I got it now. Much appreciated!