Transcript for:
Understanding U-Turn NAT in Networking

Hello guys, so today we are going to learn U-turn NAT. Note that this is a very important concept which is always asked in interviews. So listen carefully; it is a little confusing, but if you listen to it carefully you will be able to answer the questions asked in interviews. The interviewer might ask questions in such a way that you get puzzled or confused, but always keep in mind that the traffic is starting from the trust and coming back to the DMZ. So that's what it is. Let's understand in detail what exactly it is.

The first important thing is why we use U-turn NAT. So let's try to understand a scenario here. Let us suppose there is a company, company ABC, which has internal IP addresses ranging from 192.168.something, right? So this is their subnet, and all the IP addresses of this enterprise start from these ranges. So obviously, if you talk about any server which is hosted publicly, that is also starting from this range, but obviously the subnet is different. Here we are using the 1.10 network, and another, the DMZ, where we have the 100.1 network. But this server, 192.168.100.10, is hosted publicly, which means that all the users from the internet can access it. So obviously this is going to be public. For that, we normally configure a NAT scenario, and this private IP address will be translated to one of the public IP addresses.

So let us try to understand the scenario when a user is here, who is outside, that is, on the internet, and now he is trying to access it. If he tries to access it, obviously he must have a public IP address, right? So there are two cases: either he directly hits the IP address of the server, or he has the DNS. So the first thing is that he has the IP address of the server, and, which is also important, he will have the public IP address. The second thing is the DNS he will be hitting. So I am taking the first case, that he knows the
public IP address, because you know the concept of DNS resolution, so that is a similar concept. But the most important thing is that he needs a public IP address if a user on the internet wants to access it. So if he is trying to access it, then what is going to happen? He will hit some public IP address which will be residing on the firewall, or it can be on the load balancer, but for simplicity let's take it that it is landing on the firewall. So this public IP will be on this firewall, right? And now we have the NAT configured on this firewall, and this NAT will be translating this public IP address, which this user is hitting, to the private IP address of the server. This is quite similar, and I hope you get that concept: if the user on the internet wants to access the server, he needs a public IP address, he will hit the firewall, at the firewall we have NAT, and after that he will reach the server. So this is the simple concept; there is no problem with that one.

Now the question comes: what is this U-turn NAT and why do we need it? A problem arises whenever any user in the internal network (this is our internal, right, we can say the trust zone) wants to access any of the DMZ resources. Then what is going to happen? Because this NAT rule we have here is for public access, which means that this is publicly open; any user from the internet can access this, right? How are they going to access it? For that we configure a specific NAT policy. What it does is that whatever IP address it has, we will translate this IP address to the public IP address. This is the first step we are going to do. Another thing we are going to do, once this one NAT is done: another NAT we will do, the same thing we were doing for the public internet. We will configure another NAT to reach the DMZ server. So this is why, if you just summarize it or take it, so it is what
it is going to happen: this is the NAT 2 policy. We will be configuring NAT number 2, and for the first one we will be configuring NAT 1. So we have two policies, the NAT 1 policy and the NAT 2 policy.

Now the question comes: why do we call it U-turn NAT? If you observe it very carefully, this is our internal network. We have a private IP address here. This is also a private IP address, and both subnets are our own private IP addresses, but still we are going out. We are going publicly out and then we are coming back to our internal network. So if you see, it is starting from your network, going out, and then coming back to your internal network. So that's why we call it a U-turn. Now, how to configure the lab policy for that one, that I am going to take in another session, because if I take it together it is going to be too long.

Let's understand this with the help of IP addresses, how the translation will be happening, right? So let's take a simple example. Let us suppose that you are the internal user and you are trying to initiate the traffic here. So what will be the source IP address here? The source IP here will be your 192.168.1.10, right? And the destination IP you might be hitting, you can take it as 40.40.40.1, or it can be something else as well. So you will be initiating the traffic with this one, right? Now once it reaches the firewall, we will have the usual NAT translation, right? So what it will do is translate the source IP address. If it is going out, it might be using the interface IP address, or it can be any other IP address we might be using. So here the source IP address can be, let us take, 20.20.20.1, all right? And the destination will be the same, 40.40.40.1. Now as it reaches the firewall, we have the routing configured so that whenever any traffic is having destination
40.40.40.1 it has to be redirected in this direction, and also we will configure a NAT rule here. That means we have two things: first we will have the routing configured, and the other thing we will have is the NAT. So as it reaches, for the destination 40.40.40.1 the firewall knows that it has to forward that traffic to ethernet 1/3. Next comes the NAT. Now it will go through the second NAT policy. In the second NAT policy it will translate it further. Now the source IP will be the same, 20.20.20.1, and the destination IP this time will be the IP address, or in fact we can say the private IP address, of the server, so it will be 192.168.100.10. Clear?

Now the packet has arrived at the server. The server will process it, and it has to respond as well, so now the traffic will be going back. So it will be reaching here. When it comes to this firewall, the firewall has the NAT translation available, because it has translated earlier according to the policy, so now it will revert it back. It will put the destination IP address as 40.40.40.1, and the source IP address, now it knows that for the 20.20.20.1 translation, to whom I am doing it, I have to forward the packet in this direction, right, because it was received from this one. But again it will reverse this one; this NAT will be reversed, and according to this the packet will be like: source IP will be our 40.40.40.1, and the destination IP will be the private IP address according to the NAT translation, whatever translation table was in the firewall, because now it is the reverse order. So the destination IP will again be the private IP address of the user, 192.168.1.10, and now the packet will be delivered to this machine. So that's what is happening. If you see the concept here, the traffic is initiating like this and again it is going like this. So that's what our U-turn NAT is. So I hope it is quite clear, and if you have any questions in
this, just feel free to write in the comment section; I will be getting back to you. Okay, that's it on the U-turn NAT concept. I will be taking the lab session very soon, in the next session. All right, thank you guys, see you soon.
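
The translation walkthrough in the transcript above, as an added example that is not part of the video or the speaker's own material: a toy Python model of the two NAT policies and the session table the firewall uses to reverse them on the reply. The /24 mask on the trust subnet, the class and function names, and the omission of ports are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

# Addresses from the walkthrough; the /24 trust subnet mask is an assumption.
TRUST_NET = ipaddress.ip_network("192.168.1.0/24")
SNAT_ADDR = "20.20.20.1"           # NAT 1: source translation for trust users
SERVER_PUBLIC = "40.40.40.1"       # address the internal user hits
SERVER_PRIVATE = "192.168.100.10"  # NAT 2: real address of the DMZ server

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

class Firewall:
    """Toy model: IP addresses only, ports omitted, one flow per address pair."""

    def __init__(self):
        self.sessions = {}  # (src, dst) of the expected reply -> original packet

    def forward(self, pkt):
        """Apply NAT 1, then NAT 2, to a packet arriving from the trust zone."""
        src, dst = pkt.src, pkt.dst
        if ipaddress.ip_address(src) in TRUST_NET:
            src = SNAT_ADDR        # NAT 1: private source -> public source
        if dst == SERVER_PUBLIC:
            dst = SERVER_PRIVATE   # NAT 2: public destination -> DMZ server
        out = Packet(src, dst)
        self.sessions[(out.dst, out.src)] = pkt  # remember how to undo both
        return out

    def reverse(self, reply):
        """Undo both translations for a reply; None means no matching session."""
        original = self.sessions.get((reply.src, reply.dst))
        if original is None:
            return None
        return Packet(src=original.dst, dst=original.src)

def walk_through():
    fw = Firewall()
    request = Packet("192.168.1.10", SERVER_PUBLIC)
    at_server = fw.forward(request)
    server_reply = Packet(at_server.dst, at_server.src)
    at_user = fw.reverse(server_reply)
    return request, at_server, server_reply, at_user

if __name__ == "__main__":
    labels = ("user sends", "server sees", "server replies", "user receives")
    for label, pkt in zip(labels, walk_through()):
        print(f"{label:15} src={pkt.src:15} dst={pkt.dst}")
```

The server only ever sees 20.20.20.1 as the client, and the user only ever sees 40.40.40.1 as the server, which is the U-turn the walkthrough describes.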