Cisco CCNA Network Address Translation

 cisco-ccna-nat-1

This section will teach you how to design and implement Network Address Translation (NAT) / Port Address Translation (PAT) on a network.

Note: This next chapter can be difficult, but it is very important.  NAT is used in most networks that connect to the Internet, since most companies have a limited number of publicly routable addresses.  Most of the time, internal networks use address space from RFC 1918, which specifies private address space.  Since private addresses are not routable on the Internet, they have to be translated to a publicly routable address before accessing the Internet, hence the need for NAT.

 

Cisco CCNA Why Use NAT?

cisco-ccna-nat-2

This slide describes circumstances when you would implement NAT.  NAT decreases the number of public IP addresses required in your networking environment.  NAT may also be used when two companies that have duplicate internal addressing schemes merge, or when a company changes its Internet Service Provider (ISP) but does not want to change its internal address scheme.

Not a week goes by where we don’t hear about another merger or acquisition.  NAT is commonly used as a tactical solution to the IP address overlap introduced when two companies with like IP addressing merge and need to communicate with one another.

NAT sounds like the thing to do, right?  Well, there are some advantages and disadvantages of using NAT.  Let’s take a look at those on the next slide.


Cisco CCNA NAT Considerations

cisco-ccna-nat-3

This figure describes advantages and disadvantages of implementing NAT.

The most obvious advantage is that NAT conserves publicly routable addresses.

The biggest disadvantage is that certain applications will not work through NAT.

We will take a look at an overview of NAT on the next page.


Cisco CCNA NAT Address Terms

cisco-ccna-nat-4

The names that are used to describe the addresses are fairly simple.

The addresses used after NAT translation are called global addresses.  These are usually the public addresses used on the Internet, but public addresses are not required if you aren’t going on the Internet.

Local addresses are the addresses used before NAT translation.  So the inside local address is the private address of the sending host, and the outside local address is the address of the destination host, usually a public address.  This is how the packet starts out.

After translation, the inside local address gets translated to the inside global address, and the outside global address is still the address of the destination host.

 

Cisco CCNA NAT Overview

cisco-ccna-nat-5

Let’s take some time to highlight some important NAT terms.  Towards the bottom of the figure we see a ‘Simple NAT table’.  In this table we see two items listed, the Inside Local IP address and the Inside Global IP address.

Inside Local IP address:  These are the private IP addresses that you or your company use to uniquely identify your hosts within your LAN.

Inside Global IP address: These are the public IP addresses that your company’s local IP addresses are translated into in order to communicate on the Internet.

There are three basic types of NAT: Static, Dynamic and NAT Overload.  Each of these will be described in this chapter.

 

Cisco CCNA Translating Inside Local Addresses

cisco-ccna-nat-6

OK, let’s take a look at how this works.

Host 10.1.1.1 sends an outbound packet to the NAT router.

The router identifies the IP address as an Inside Local IP address destined for an outside network, translates the address to a publicly routable address of 170.168.2.2, and records the translation in the NAT table.

The packet is sent to the outside interface with the new translated source address of 170.168.2.2.

The external host returns the packet to the destination address of 170.168.2.2.

The NAT router translates the Inside Global IP address back to the Inside Local IP address of 10.1.1.1 using the NAT table and sends the packet to the inside host.

During our Lab scenarios, we will learn to configure address translation including dynamic NAT and PAT configurations.


Cisco CCNA Overloading Inside Global Addresses

cisco-ccna-nat-7

Now we are doing a process called overloading. With overloading, all inside hosts get translated to one single IP address…hence the term overloading.

Overloading inside global address translation is often referred to as Port Address Translation (PAT).  Let’s take a look at our NAT table.  In addition to the inside local IP address and outside global IP address we now have port numbers.  These port numbers help the router identify which host should receive the return traffic.

The most common application for this is Internet access.  This is the method used to reduce the address footprint of large corporations by having them represented on the Internet by their proxy address.  This is usually done using NAT overload or PAT.  Sessions are uniquely identified by all fields listed in the NAT table on the slide.
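
The translation steps and the overloaded NAT table described above, modelled as an added example (not code from the original page or from Cisco IOS). The class and function names, the second inside host 10.1.1.2, the outside hosts and all port numbers are constructed; keeping the original source port when it is free is a modelling assumption.

```python
from typing import NamedTuple, Optional, Tuple

Socket = Tuple[str, int]  # (IP address, port)

class Entry(NamedTuple):
    proto: str
    inside_local: Socket    # private address and port of the inside host
    inside_global: Socket   # address and port seen on the Internet
    outside_global: Socket  # address and port of the destination host

class PatTable:
    """Hypothetical model of a NAT overload (PAT) table with one global IP."""

    def __init__(self, global_ip: str):
        self.global_ip = global_ip
        self.entries = []

    def _taken(self, proto: str, port: int, src: Socket) -> bool:
        # A global port is unavailable if another inside socket already holds it.
        return any(e.proto == proto and e.inside_global[1] == port
                   and e.inside_local != src for e in self.entries)

    def outbound(self, proto: str, src: Socket, dst: Socket) -> Socket:
        """Inside -> outside: return the translated source (inside global)."""
        for e in self.entries:
            if (e.proto, e.inside_local, e.outside_global) == (proto, src, dst):
                return e.inside_global           # session already in the table
        port = src[1]                            # assumption: keep the port if free
        while self._taken(proto, port, src):
            port = port + 1 if port < 65535 else 1024
        self.entries.append(Entry(proto, src, (self.global_ip, port), dst))
        return (self.global_ip, port)

    def inbound(self, proto: str, src: Socket, dst: Socket) -> Optional[Socket]:
        """Outside -> inside: return the inside local socket, or None (no entry)."""
        for e in self.entries:
            if (e.proto, e.inside_global, e.outside_global) == (proto, dst, src):
                return e.inside_local
        return None

def demo():
    nat = PatTable("170.168.2.2")                # inside global address from the text
    web = ("203.0.113.10", 80)                   # constructed outside host
    a = nat.outbound("tcp", ("10.1.1.1", 1025), web)
    b = nat.outbound("tcp", ("10.1.1.2", 1025), web)   # same port, second host
    stray = nat.inbound("tcp", ("198.51.100.7", 4444), a)  # no session for this peer
    return a, b, nat.inbound("tcp", web, a), nat.inbound("tcp", web, b), stray

if __name__ == "__main__":
    print(demo())
```

Both inside hosts share 170.168.2.2 and are told apart only by the translated port; a packet from a peer with no matching table entry finds no inside host to be delivered to.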


Cisco CCNA Static NAT Configuration

cisco-ccna-nat-8

We looked at two examples of Network Address Translation; now let’s find out how to configure them.  First, let’s find out how to configure Static NAT.

The ip nat inside source command identifies what IP addresses will be translated.  In this configuration example the ip nat inside source command configures a STATIC translation between the inside local IP address 10.1.1.1 and the outside global IP address 172.46.2.2.

If we look further down in the configuration, we see that we have an ip nat command under each interface.  The “ip nat inside” command identifies that interface as an inside source.  The “ip nat outside” command identifies that interface as an outside source.  The “ip nat inside” and “ip nat outside” commands are configured under the respective inside and outside facing interfaces.