
Can PC1 Access PC2's WWW Service When Return Traffic Bypasses the NAT Router?

This article discusses whether PC1 can successfully access PC2’s web service when outbound traffic passes through a NAT router but the return packets bypass the router via a core switch, examining potential TCP connection issues caused by asymmetric routing and providing relevant ACL and NAT configuration examples.

Practical DevOps Architecture

The question asks whether PC1 can successfully reach PC2’s HTTP service when outbound traffic from PC1 is NAT‑translated by router RT1, but the return packets from PC2 travel directly through core switch SW1 back to PC1, creating an asymmetric path that might disrupt the TCP connection.

Asymmetric routing can cause TCP sessions to fail because the return packets do not pass through the NAT device that performed the source‑address translation, leading to mismatched sequence numbers or firewall drops.

To address this, the author provides an example configuration that forces both directions through the router: ACL 3000 matches traffic from the internal network 192.168.1.0/24 to the public address 123.243.226.100, a static one‑to‑one NAT mapping ties the public address 123.243.226.100 to the internal host 192.168.1.2, and outbound NAT referencing that ACL is applied on the internal interface. The relevant interfaces and routes are configured as follows:

acl number 3000
 rule 5 permit ip source 192.168.1.0 0.0.0.255 destination 123.243.226.100 0

interface GigabitEthernet1/0/0
 ip address 192.168.1.1 255.255.255.0
 nat static global 123.243.226.100 inside 192.168.1.2 netmask 255.255.255.255
 nat outbound 3000

interface GigabitEthernet2/0/0
 ip address 123.243.226.100 255.0.0.0
 nat static global 123.243.226.100 inside 192.168.1.2 netmask 255.255.255.255

ip route-static 0.0.0.0 0.0.0.0 123.243.226.101

These settings ensure that both request and response traffic traverse the router, preserving NAT state and allowing the TCP connection to remain stable.
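The following model, added here as an illustration and not taken from the article or its author, shows why the return path matters. It reuses the page's addresses (PC1 = 192.168.1.2, RT1's public address 123.243.226.100) and the page's ACL rule, and assumes a constructed address for PC2 (123.243.226.200) and a client port, since the page gives neither. The router applies the static one‑to‑one mapping in both directions; the switch forwards without touching addresses; the client host accepts a segment only if it matches a socket it opened, which is how a real TCP stack behaves.

```python
import ipaddress
from dataclasses import dataclass, replace

# Addresses taken from the article's configuration; PC2's address and the
# client port are constructed assumptions, since the page never states them.
PC1_INSIDE = "192.168.1.2"
RT1_GLOBAL = "123.243.226.100"
PC2 = "123.243.226.200"  # assumed address for the web server
HTTP = 80


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """VRP/IOS-style wildcard mask: a 0 bit must match the base, a 1 bit is 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def acl_3000_permits(pkt: Packet) -> bool:
    """The page's 'rule 5 permit ip source 192.168.1.0 0.0.0.255 destination 123.243.226.100 0'."""
    return (wildcard_match(pkt.src, "192.168.1.0", "0.0.0.255")
            and wildcard_match(pkt.dst, RT1_GLOBAL, "0.0.0.0"))


class NatRouter:
    """RT1 with the one-to-one mapping 'nat static global 123.243.226.100 inside 192.168.1.2'."""

    def __init__(self, global_ip: str, inside_ip: str) -> None:
        self.global_ip, self.inside_ip = global_ip, inside_ip

    def outbound(self, pkt: Packet) -> Packet:
        # Inside -> outside: rewrite the private source to the public address.
        if pkt.src != self.inside_ip:
            return pkt
        return replace(pkt, src=self.global_ip)

    def inbound(self, pkt: Packet) -> Packet:
        # Outside -> inside: rewrite the public destination back to the private host.
        if pkt.dst != self.global_ip:
            return pkt
        return replace(pkt, dst=self.inside_ip)


class Host:
    def __init__(self, ip: str) -> None:
        self.ip = ip
        self.sockets: set[tuple[str, int, str, int]] = set()

    def connect(self, dst: str, dport: int, sport: int = 40000) -> Packet:
        # Client side: remember the 4-tuple so replies can be matched against it.
        self.sockets.add((self.ip, sport, dst, dport))
        return Packet(self.ip, sport, dst, dport, "SYN")

    def serve(self, pkt: Packet) -> Packet:
        # Server side: reply to whatever source address the SYN carried.
        return Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport, "SYN-ACK")

    def accepts(self, pkt: Packet) -> bool:
        # A TCP stack delivers a segment only to a socket whose 4-tuple it matches;
        # anything else is answered with RST or silently dropped.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sockets


def simulate(return_via_router: bool) -> bool:
    """Return True if PC1's TCP stack accepts PC2's SYN-ACK."""
    pc1, pc2, rt1 = Host(PC1_INSIDE), Host(PC2), NatRouter(RT1_GLOBAL, PC1_INSIDE)
    syn = rt1.outbound(pc1.connect(PC2, HTTP))  # PC2 sees src 123.243.226.100
    syn_ack = pc2.serve(syn)                     # addressed to 123.243.226.100
    if return_via_router:
        syn_ack = rt1.inbound(syn_ack)           # RT1 restores dst 192.168.1.2
    # Otherwise SW1 hands the untouched segment to PC1, still addressed to the public IP.
    return pc1.accepts(syn_ack)


if __name__ == "__main__":
    print("symmetric path, reply via RT1:", simulate(True))    # True
    print("asymmetric path, reply via SW1:", simulate(False))  # False
```

Run it as a script: with the reply routed back through RT1 the destination is restored to 192.168.1.2 and the handshake completes; with the reply short-cut through SW1 the SYN-ACK still carries the public address, matches no socket on PC1, and the connection never gets past the first round trip. The same effect is what a stateful firewall in the return path sees as an unsolicited segment, which is the second failure the article mentions.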

Tags: TCP, NAT, ACL, network configuration, Asymmetric Routing
Written by

Practical DevOps Architecture

Hands‑on DevOps operations using Docker, K8s, Jenkins, and Ansible—empowering ops professionals to grow together through sharing, discussion, knowledge consolidation, and continuous improvement.