These blocks of addresses can be used by multiple organizations for their private networks but they are not routable on the Internet. For hosts with these addresses that need to access the Internet a device must be deployed at the edge of the network that performs address translation to unique public addresses.
Network Address Translation (NAT) is used to translate Private IP addresses from the reserved private address space defined in RFC 1918 to Public IPv4 addresses which are routable on the Internet. NAT is usually implemented on a router that sits at the edge connecting a private network on side and the public network (Internet) on the other side. There are various types of NAT but in this lesson we will focus on the following three types of NAT.
Static NAT is used to translate a private IP address to a Public IP address on a one-to-one basis. Static NAT creates a fixed translation of a private IP address or a subnet to a Public IP address or subnet. The translation is persistent and the Public IP address is same for each consecutive connection.
Dynamic NAT is used translate group of private IP addresses to a pool of Public IP addresses. Dynamic NAT also establishes one-to-one mapping between private and public IP address but the translation will be temporary and after the connectivity is not required the translation will be removed and the public IP address will be returned to the pool and which can then be used to translate any other private host.
Port Address Translation is used to translate multiple private IP addresses to a single public IP address. To keep each translation unique a private IP address and source port is translated to Public IP address and mapped port.
Table below list various NAT terminologies
|
NAT Terminologies |
|
|
Network Address Translation (NAT)
|
Mapping an IP address to another IP address either statically or dynamically |
|
Port Address Translation (PAT)
|
Mapping multiple IP address to a single IP address. To differentiate between connections source port is also changed. Also known as NAT overload
|
|
Inside Local
|
IP address assigned to the host on the private network |
|
Inside Global
|
The IP address of a private host as it appears to the public network.
|
|
Outside Local
|
IP address of a public host as it appears to the private network
|
|
Outside Global
|
IP address assigned to a host on the public network by the host owner
|
Nat Configuration
We will use the network in the figure below to demonstrate the configuration of Static, Dynamic NAT and PAT.
We will configure the Cisco Router to perform Static NAT on the IP address 10.1.1.200 owned by Web Server and Dynamic NAT to translate the IP addresses of three hosts to dynamically to a pool of addresses.
Router(config)interface fastethernet 0/0
Router(config-if)ip address 10.1.1.1 255.255.255.0
Router(config-if)ip nat inside
Router(config)interface fastethernet 0/1
Router(config-if)ip address 116.100.100.194 255.255.255.248
Router(config-if)ip nat outside
Router(config)ip nat inside source static 10.1.1.200 116.100.100.195
— The command above configures static NAT for private IP address 10.1.1.200 to public IP address 116.100.100.195 —
Router(config)access-list 101 permit ip 10.1.1.10 any
Router(config)access-list 101 permit ip 10.1.1.11 any
Router(config)access-list 101 permit ip 10.1.1.12 any
Router(config)ip nat pool DYN_NAT_POOL 116.100.100.196 116.100.100.198 prefix-length 24
Router(config)ip nat inside source list 101 pool DYN_NAT_POOL
— The commands above configure Dynamic NAT for a group three hosts which are assigned public IP addresses from a pool of three public IP addesses —
We can also configure Port Address Translation for the three hosts such that all three of them will be overloaded to a single IP address. To configure PAT use the following command
Router(config)ip nat inside source list 101 interface fastethernet 0/1 overload
Today we covered Network Address Translation and configuration, NAT is a very important lesson and students must have thorough conceptual and practical knowledge of NAT as almost all enterprise networks connected to the Internet use NAT.