
Network Address Translation (NAT)

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

What is Network Address Translation (NAT)?


Designed for IP Address Simplification and Conservation
Enables Private IP Networks Using Unregistered Private IP Addresses to Connect to Public IP Services
Operates on a Router Connecting Two or More Networks
Translates Private IP Addresses to Public Addresses
Supports Translation of Overlapping IP Address Networks
Provides Topology Hiding by Advertising Translated Public IP Addresses to Outside World
Translation is Bi-Directional and Can be Dynamic or Static
Works with Port Address Translation (PAT) to Conserve Public IP Address Usage
Translation Can be Based on Source or Destination IP Address
NAT Can Break Some Applications Where IP Addresses are Embedded in the Data Payload or Application Expects Pre-Defined Source/Destination Port Addresses

Why Do We Need NAT?


Not Enough IPv4 Addresses to Cover Demand
Public Address Space Costs $$$
Original Intention was to Slow the Depletion of Public IPv4 Addresses
Allows Private Networks with Many Private IP Addresses to Access Public IP Services with Single Public IP Address
Useful for Network Migrations and Mergers Where IP Addresses May Overlap or Need to be Reassigned
Tool Used by Network Managers when Changing ISPs to Prevent the Need for Changing Internal IP Addresses
Used by Broadband ISPs in Home Gateways


Key NAT Terms


NAT - Network Address Translation
PAT - Port Address Translation (aka Overloading)
Inside Local - Inside Source IP Address BEFORE Translation
  Set of Networks Subject to Translation
Outside Local - Outside Destination IP Address BEFORE Translation
  Usually Valid Public IP Addresses
Inside Global - Inside Source IP Address AFTER Translation
  The Way Inside Local IP Addresses Appear to the Outside
Outside Global - Outside Destination IP Address AFTER Translation
Translation Entries
  Simple - Maps Inside IP Address to Outside IP Address
  Extended - Maps Inside IP Address and Port Pair to Outside IP Address and Port Pair
Translation Table - Table of Local/Destination Translation Entries



How Does NAT Work?


Operates on a Router Connecting Two Networks Together, One Inside and One Outside
Works in Conjunction with Routing


How Does NAT Work?


Host on Inside Network Requests a Connection to an Outside Host
Inside Local Address and Inside Global Address Added to Translation Entry

10.6.1.20 is Inside Local Address
171.69.68.10 is Inside Global Address

How Does NAT Work?


Inside Local Address is Translated to Inside Global Address

192.168.1.20 is Outside Local Address
171.69.68.10 is Outside Global Address

NAT In Action - Demo


How Does PAT Work?


Includes Ports in Addition to IP Addresses
Uses Dynamic/Private Port Range 49,152 - 65,535
Maps Multiple Inside Addresses to One Outside Address
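
Added example (not from the original slides, and not Cisco's implementation): a toy PAT translation table in Python showing how extended entries let several inside local addresses share one inside global address, and why an inbound packet with no matching entry is dropped. Sequential port allocation from the slide's range, the second host 10.6.1.21, and all class and function names are assumptions made for illustration.

```python
"""Toy PAT (overload) translation table; added example, not Cisco code."""
from dataclasses import dataclass, field

PORT_MIN, PORT_MAX = 49152, 65535   # dynamic/private port range from the slide


@dataclass
class PatTable:
    inside_global_ip: str                         # the single shared public address
    next_port: int = PORT_MIN
    out_map: dict = field(default_factory=dict)   # (proto, local ip, local port) -> global port
    in_map: dict = field(default_factory=dict)    # (proto, global port) -> (local ip, local port)

    def translate_outbound(self, proto, src_ip, src_port):
        """Rewrite an inside local source to the inside global ip:port."""
        key = (proto, src_ip, src_port)
        if key not in self.out_map:               # first packet of a flow: new extended entry
            if self.next_port > PORT_MAX:
                raise RuntimeError("PAT port pool exhausted")
            self.out_map[key] = self.next_port
            self.in_map[(proto, self.next_port)] = (src_ip, src_port)
            self.next_port += 1                   # assumption: simple sequential allocation
        return self.inside_global_ip, self.out_map[key]

    def translate_inbound(self, proto, dst_ip, dst_port):
        """Map a reply back to the inside host; None means no entry, so drop."""
        if dst_ip != self.inside_global_ip:
            return None
        return self.in_map.get((proto, dst_port))


def demo():
    nat = PatTable("171.69.68.10")                          # inside global from the slides
    a = nat.translate_outbound("tcp", "10.6.1.20", 1025)    # inside local from the slides
    b = nat.translate_outbound("tcp", "10.6.1.21", 1025)    # constructed second inside host
    a_again = nat.translate_outbound("tcp", "10.6.1.20", 1025)  # same flow reuses its entry
    reply = nat.translate_inbound("tcp", "171.69.68.10", a[1])
    unsolicited = nat.translate_inbound("tcp", "171.69.68.10", 50000)
    return a, b, a_again, reply, unsolicited


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The reverse map is also what ties an observed public address and port back to a specific inside host, so translation entries are worth retaining when outbound activity has to be attributed later.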


Pop Quiz!
Why do we need to use NAT?
What is PAT? When do we need to use it?
On which type of network device is NAT implemented?
NAT translations are stored as ___ ___ in the ___ ___.
What is one of the more common implementations of NAT?
