Differences between Cisco nat inside interface, outside interface, and nvi Interface

Differences between Cisco nat inside interface and outside interface and nvi interface on r2, e0/0 is outside, e0/1 is inside, ip nat outside sour static 1.1.1.1 202.100.1.5 is used to convert 1.1.1.1 of outside to 202.100.1.5 of inside. However, the outside interface is pre-routing because the packet passes through outside first, therefore, nat routing is performed first, and packet removal is no problem. Because of the first route, the returned packet is obtained from the transformed global destination address, this is not the same as the actual Intranet destination address. Therefore, the route using the Global Destination Address of the returned packet before nat is incorrect, So ping fails. You can use add-route when performing nat. the keyword is to add the address route entries before the translation to the routing table of the transformed router. Therefore, if there is no route for the back-to-package during source address conversion on the outside, try to avoid source address conversion on the outside. However, if the source address entry of the nat Router does not have problems. While inside is post-routing, it first goes through the inside interface's data packet, it will first make the route and then convert, so the inside source address conversion will first begin with conversion after packet removal, the back-to-Package first goes through the outside interface, so the destination address is first converted to an internal address. In this case, the route based on the destination address after the conversion is correct. Cisco's mechanism is to separate routing from nat. To bypass the differences between the inside and outside interfaces, Cisco uses the nvi interface instead of the first two. That is to say, all interfaces that enable nat will redirect the nat traffic flowing through them to the nvi, nvi has only one action, that is, nat translation. In this example, if both sides of r2 are ip nat enable interfaces, the packet removal and packet return operations are completed before the routing, therefore, the router does not notice that the packet has undergone conversion, so the debug ip nat on r2 does not see the conversion information .. However, when inside and outside are used, the conversion information is displayed, because the conversion is not transparent to the router.