Table of Contents
NAT is the short form of Network Address Translation. NAT is used to modify the source and/or destination IP addresses of packets. There are various reasons to use NAT, but the most common reason is to allow hosts with private IP addresses to communicate with other hosts over the Internet.
Overview
Network address translation (NAT) is a technique used in computer networking to translate between addresses used in different IP networks. A device performing NAT is known as a NAT router. Network address translation allows multiple devices on a local network to share one public IP address.
There are three common types of NAT: static, dynamic, and port address translation (PAT). Static NAT is the simplest type; it assigns a fixed public IP address to a private IP address. Dynamic NAT uses a pool of public IP addresses and assigns them dynamically to private devices as they need them. PAT translates one private IP address to one public IP address by using different ports.
Source NAT is a special type of PAT that maps multiple private IP addresses to one public IP address. This is commonly used when connecting two networks together through a VPN or when using peer-to-peer networking applications.
Configure and verify inside source NAT using static and pools
Private IPv4 address
RFC 1918 specifies the following IPv4 address ranges as private:
- 10.0.0.0/8 (10.0.0.0 to 10.255.255.255)
- 172.16.0.0/12 (172.16.0.0 to 172.31.255.255)
- 192.168.0.0/16 (192.168.0.0 to 192.168.255.255)
Static NAT
Involves statically configuring one-to-one mappings of private IP addresses to public IP addresses.
Static NAT allows devices with private IP addresses to communicate over the Internet. However, because it requires a one-to-one IP address mapping, it doesn’t help preserve IP addresses.
Inside Local
The IP address of the inside host, from the perspective of the local network
*the IP address actually configured on the inside host, usually a private address
Inside Global
The IP address of the inside host, from the perspective of outside hosts
*the IP address of the inside host after NAT, usually a public address
Static NAT Configuration
- Select inside interface – internal network
- Select the outside interface – external network
- Configure one-to-one IP address mappings
Dynamic NAT
- In dynamic NAT, the router dynamically maps inside local addresses to inside global addresses as needed
- .An ACL is used to identify which traffic should be translated.
- If the source IP is permitted by the ACL, the source IP will be translated.
- If the source IP is denied by the ACL, the source IP will NOT be translated.
- A NAT pool is used to define the available inside global addresses
- Although they are dynamically assigned, the mappings are still one-to-one (one inside local IP address per inside global IP address).
- If there aren’t enough inside global IP addresses available (=all are currently being used), it is called ‘NAT pool exhaustion’.
- If a packet from another inside host arrives and needs NAT but there are no available addresses, the router will drop the packet.
- The host will be unable to access outside networks until one of the inside global IP addresses becomes available.
- Dynamic NAT entries will time out automatically if not used, or you can clear them manually.
PAT (NAT Overload)
PAT (aka NAT overload) translates both the IP address and the port number (if necessary).
- By using a unique port number for each communication flow, a single public IP address can be used by many different internal hosts. (port number are 16 bits = over 65,000 available port numbers).
- The router will keep track of which inside local address is using which inside global address and port.
- Because many inside hosts can share a single public IP, PAT is very useful for preserving public IP addresses, and it is used in networks all over the world.
PAT Configuration
