Table of Contents

Network Address Translation (NAT) Introduction
What does NAT do?
Types of NAT
Static NAT
Dynamic NAT
NAT with PAT
NAT Addressing Terms
NAT Configuration
Summary

Network Address Translation (NAT) Introduction
As you know, the Internet has grown larger than anyone ever imagined. These days you can hardly find anyone who has a computer without Internet access, or a company or a university that does not use computers and the Internet. So why do I talk about the Internet, and what does the size of the Internet have to do with NAT? Basically everything!

For a computer to communicate with other computers and Web servers on the Internet, it must have an IP address. It is much like the telephone network, where everyone has a unique phone number. When IP addressing first came out, everyone thought that there were more than enough addresses to cover any need. Theoretically, you could have 4,294,967,296 unique addresses (2^32). The actual number of available addresses is smaller (somewhere between 3.2 and 3.3 billion), since some of the addresses are set aside for multicasting, testing or other special uses.

With the explosion of the Internet and the increase in home networks and business networks, the number of available IP addresses is simply not enough. This is where NAT comes into the picture. Network Address Translation allows a single device, such as a router, to act as an agent between the Internet and a local (or "private") network. This means that only a single, unique IP address is required to represent an entire group of computers.

What does NAT do?

NAT is like the receptionist in a large organization. Imagine an organization with 400 employees. If the organization wants to provide a phone line for everyone, then they have to request 400 phone numbers from a telecommunication service provider, which is very costly for the company. However, the company can establish its internal phone network with an extension for each employee which is locally significant, then to have connectivity with the rest of the world they buy one or more valid phone numbers. Anyone from the outside calls the main number of the organization, which is the only number the caller knows. When the caller tells the receptionist whom she is looking for, the receptionist checks a lookup table that matches the requested name with the extension. Then the receptionist forwards the caller to the extension of the requested person.

Figure 1

Therefore, this is the method that NAT uses. NAT is configured on a device (firewall, router or computer) that resides between an internal network and the rest of the world.

Figure 2

With NAT, all computers on the internal network can use a private range of IP addresses, which are not in use on the Internet. When they make a connection to the outside world, the NAT device replaces the private IP address, listed as Source IP address in the IP packet, with a public IP address and then sends the packet out. The destination computer on the Internet thinks the original sender is that device (firewall, router or computer) and not the client from the internal network; therefore, it sends a return packet back to the new assigned IP address. The NAT device receives the packet, then it replaces the Destination IP address with the original client’s address in the local network.

Types of NAT

There are three different types of NAT:
● Static
● Dynamic
● Overloading or NAT with PAT (Port Address Translation)

Static NAT

Static NAT maps a private IP address to a public IP address on a one-to-one basis. This type of NAT is used when a device needs to be accessible from outside the network.

Figure 3

In this type of NAT one public IP address is always assigned to one private IP address as shown in Figure 3. This address will never be used by any other client in the local network.

Dynamic NAT

This type of NAT maps a private IP address to a public IP address from a pool of public IP addresses.

Figure 4

In this method, when a client sends a packet to the Internet, the device in between assigns a public address from a pool of addresses that has already been configured on it. For example, if the device in between is a router and the configured pool has three public IP addresses (Figure 4), then only three clients can get access to the Internet at a time. If another client wants to get access to the Internet, it has to wait for one of the other three to finish its job and release the address so that the router can assign it to the fourth client.

NAT with PAT

Port Address Translation (PAT) maps all private IP addresses of a local network to a single public IP address on the access device, to support all local clients at the same time.

Figure 5

Figure 5 shows an example of PAT. PAT translates the local hosts’ private IP addresses to the one public IP address on different ports, using a single public IP address on the router. To tell which packets need to be sent back to which client the router keeps track of both the IP address and TCP or UDP port number in a table which is called NAT table. In this type of NAT only one public IP address is required and the router does not care if it has one connection each to three different hosts or three connections to a single host IP address.
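The NAT table described above, as an added Python sketch that is not part of the original tutorial: it shows how the router tells two clients apart when they use the same source port, and what happens to a packet that matches no entry. The addresses (documentation ranges), the port-allocation policy and the names PatRouter, outbound and inbound are assumptions for illustration; a real router also ages entries out and may key on more fields.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.1"  # constructed inside global address (documentation range)

@dataclass
class PatRouter:
    """Hypothetical model of a PAT (overload) NAT table; not Cisco's implementation."""
    public_ip: str
    next_port: int = 1024
    # (proto, inside local ip, inside local port) -> inside global port
    out_map: dict = field(default_factory=dict)
    # (proto, inside global port) -> (inside local ip, inside local port)
    in_map: dict = field(default_factory=dict)

    def _allocate(self, proto, preferred):
        # Assumed policy: keep the client's source port, else take the next free one.
        port = preferred
        while (proto, port) in self.in_map:
            if self.next_port > 65535:
                raise RuntimeError("no free ports on " + self.public_ip)
            port, self.next_port = self.next_port, self.next_port + 1
        return port

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Replace the private source address/port with the public one."""
        key = (proto, src_ip, src_port)
        if key not in self.out_map:
            gport = self._allocate(proto, src_port)
            self.out_map[key] = gport
            self.in_map[(proto, gport)] = (src_ip, src_port)
        return (proto, self.public_ip, self.out_map[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Restore the original client as destination; None means no entry, dropped."""
        entry = self.in_map.get((proto, dst_port))
        if dst_ip != self.public_ip or entry is None:
            return None
        return (proto, src_ip, src_port, entry[0], entry[1])

def demo():
    r = PatRouter(PUBLIC_IP)
    a = r.outbound("tcp", "192.168.2.10", 50000, "198.51.100.7", 80)
    b = r.outbound("tcp", "192.168.2.11", 50000, "198.51.100.7", 80)  # same source port
    reply = r.inbound("tcp", "198.51.100.7", 80, PUBLIC_IP, b[2])
    stray = r.inbound("tcp", "198.51.100.9", 4444, PUBLIC_IP, 2222)  # never requested
    return a, b, reply, stray

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The second client is moved to a different public port, the reply to that port is handed back to 192.168.2.11, and the packet to a port with no table entry is not forwarded.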

NAT Addressing Terms

According to Cisco the enterprise network that uses private addresses, and needs NAT, is the “inside” part of the network. The Internet side of the NAT function is the “outside” part of the network. All the private addresses in the local network need a public address when they want to access the Internet. Therefore, the private addresses in the local network are known as “inside local” and the public address of the company used to represent them is known as “inside global” since it is a registered and globally known address (Figure 6).

Figure 6

All the other IP addresses outside the company are known as “outside”. However, if the address is outside the organization and it is a public address it is known as “outside global” and if the address is outside the organization and behind another NAT with a private address, it is known as “outside local” (Figure 7).

Figure 7

NAT Configuration

To configure NAT you have to follow a few steps:
1. Find out the interfaces that participate in NAT (inside and outside).
2. Configure inside interface.
3. Configure outside interface.

First, you need to find out which interface of the router or firewall participates in NAT.

Figure 8

For example, in Figure 8 there is a router in Head Quarter that has four interfaces in different LANs, one interface to the Internet and one to a branch office. Imagine that you want to have a NAT configured for LAN 2 to get access to the Internet. Therefore, the interfaces that participate in NAT are Fast Ethernet 0/2 and Serial 1/2. Now you have to find out which one is Inside and which one is Outside. In this case Fast Ethernet 0/2 is connected to the local LAN 2. Therefore, it is the Inside interface and Serial 1/2, which is connected to the Internet, is the Outside interface. To configure these interfaces as NAT participant interfaces do the following:

Router(config)#interface fastEthernet 0/2
Router(config-if)#ip nat inside

and for the outside interface:

Router(config)#interface serial 1/2
Router(config-if)#ip nat outside

Now

For Static:
3. Configure the static mapping.

Router(config)#ip nat inside source static [Local private IP address] [Local public IP address]

Local private IP address: the private addresses in your local LAN
Local public IP address: the public address that belongs to your company

For Dynamic NAT:
3. Configure a pool of addresses.

Router(config)#ip nat pool [give a name to the pool e.g. MYPOOL] [start of the IP addresses] [end of the addresses] netmask [the subnet mask]

4. Configure an ACL, for example I name the configured ACL: NAT-ACL
5. Configure dynamic NAT and refer it to the ACL and Pool.

Router(config)#ip nat inside source list [ACL name or number] pool [name of the pool]

for example in our case it will be:

Router(config)#ip nat inside source list NAT-ACL pool MYPOOL

For Overloading NAT:
3. Configure an ACL, for example I name the configured ACL: PAT-ACL
4. Configure overloading NAT and refer it to the ACL and then overload the address of the interface that participates in outside NAT.

Router(config)#ip nat inside source list [ACL name or number] interface [name of the interface] overload

Summary
● Network Address Translation allows an organization with private IP addresses to connect to the Internet by translating those addresses into public IP addresses.
● Different types of NAT are Static, Dynamic and Overloading.
● Hides internal IP addressing scheme from the outside world, enhancing network security
