The Internet Engineering Task Force (IETF) group defined RFC 1918 to specify the private address spaces, sometimes also called “non-routable” IP addresses. These addresses are 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16. You are free to use any of these addresses in your network, but for the devices using them do not have Internetwork connectivity. This means, those devices are not able to reach other networks, such as the Internet. By using NAT, you are able to reach other networks too.
NAT is implemented by a router in your network. NAT can be used for RFC 1918 addresses as well as for public IP addresses.
When a router configured for Network Address Translation receives a packet, it rewrites the address field with one of its own configured IP addresses and forwards the packet to the next hop device. The NAT router stores the local to global address mapping in its NAT table. After the packet leaves the NAT router, all the other devices in its road to destination are thinking the packet was originated by the router.
When talking about NAT, you may hear some key terms:
- Inside local address – most likely an RFC 1918 private address, but can also be assigned by your service provider.
- Inside global address – is the public IP address a host inside the LAN gets after exists the NAT router. For example, the IP address of a host in your LAN is 192.168.0.1 and the public IP address assigned by your service provider for your NAT router is 209.165.200.226. The public IP address of the router which is used for translation is the inside global address, in our case 209.167.200.226.
- Outside global address – is the public IP address of a host on the Internet.
- Outside local address – is the local IP address assigned to a host outside the network. Usually is identical with the outside global address.
Hosts inside networks using NAT are protected from the Internet. Internet hosts are unable to reach the internal hosts of a NAT network because the used IPs are not routable on the Internet, unless you configure your router to forward the connections to the internal hosts.
NAT is also used in small networks to share a single Internet connection with the help of a router.
There are two main types of NAT: static and dynamic.
Static NAT is used for one-to-one mapping. Each inside local address is mapped to an inside global address. All mappings remain constant. Static NAT is usually used for servers, network devices or hosts that must have an address that is accessible from the Internet.
Dynamic NAT is using a pool of IP addresses on a first-come, first-served basis. When a host with a private address tries to connect to the Internet, the router randomly assigns an IP address from its pool, which is not already in use by another host.
NAT Overload, sometimes referred as the third type of NAT and also called Port Address Translation (PAT), is used when the number of inside local addresses is greater than the available inside global addresses. A router configured for PAT is mapping multiple private IP addresses to fewer or even a single public IP address. Connections are tracked using the port numbers, which are assigned by the NAT router when the client initiates a TCP/IP session.
Hosts inside a LAN network using private IP addresses can be accessed from the Internet with a process called Port Forwarding. Port Forwarding is the process of forwarding connections coming to some destination ports and forwards those connections to a specified device on the network, to the same port or to some other port. For example, a host on the Internet makes a request to 209.165.200.226 on port 80. When the packet arrives on the router, the router forwards the packet to the device with the IP address 192.168.0.1 on port 80. Of course, you can forward the request to some other port, like 8088 for example.
We will discuss how to configure NAT on a Cisco router in our next article, but before we move on, let me give you an example NAT configuration. We need the host with the IP address 192.168.0.2 to access the Internet. For this, we need to do a static NAT. We will map the private IP address 192.168.0.2 to the routable IP address 209.165.200.2. When you configure NAT, you must also define which is the inside interface (the interface connected to your internal network) and the outside interface (the interface connected to your service provider).
Router(config)#ip nat inside source static 192.168.0.2 209.165.200.2
Router(config)#interface FastEthernet 0/1
Router(config-if)#ip nat inside
Router(config-if)#interface Serial 0/0/0
Router(config-if)#ip nat outside
Understanding how NAT works and what are the different types of NAT is crucial for your CCNA exam as well as for real-life use. Many companies these days use this technique to save the IPv4 address space or isolate some parts of the LAN from the Internet. We will discuss more about NAT in future lessons.