These blocks of addresses can be used by multiple organizations for their private networks, but they are not routable on the Internet. For hosts with these addresses to access the Internet, a device deployed at the edge of the network must translate them to unique public addresses.

Network Address Translation (NAT) is used to translate private IP addresses from the reserved private address space defined in RFC 1918 to public IPv4 addresses, which are routable on the Internet. NAT is usually implemented on a router that sits at the edge, connecting a private network on one side and the public network (Internet) on the other side. There are various types of NAT, but in this lesson we will focus on the following three.

Static NAT is used to translate a private IP address to a public IP address on a one-to-one basis. Static NAT creates a fixed translation of a private IP address or subnet to a public IP address or subnet. The translation is persistent, and the public IP address is the same for each consecutive connection.

Dynamic NAT is used to translate a group of private IP addresses to a pool of public IP addresses. Dynamic NAT also establishes a one-to-one mapping between a private and a public IP address, but the translation is temporary. Once connectivity is no longer required, the translation is removed and the public IP address is returned to the pool, where it can then be used to translate any other private host.

Port Address Translation (PAT) is used to translate multiple private IP addresses to a single public IP address. To keep each translation unique, the private IP address and source port are translated to the public IP address and a mapped port.

The table below lists various NAT terminologies.

NAT Terminologies

| Term | Definition |
|---|---|
| Network Address Translation (NAT) | Mapping an IP address to another IP address, either statically or dynamically |
| Port Address Translation (PAT) | Mapping multiple IP addresses to a single IP address. To differentiate between connections, the source port is also changed. Also known as NAT overload |
| Inside Local | IP address assigned to the host on the private network |
| Inside Global | The IP address of a private host as it appears to the public network |
| Outside Local | IP address of a public host as it appears to the private network |
| Outside Global | IP address assigned to a host on the public network by the host owner |

NAT Configuration

We will use the network in the figure below to demonstrate the configuration of Static, Dynamic NAT and PAT.

 

We will configure the Cisco router to perform Static NAT on the IP address 10.1.1.200 owned by the web server, and Dynamic NAT to translate the IP addresses of three hosts dynamically to a pool of addresses.

Router(config)#interface fastethernet 0/0

Router(config-if)#ip address 10.1.1.1 255.255.255.0

Router(config-if)#ip nat inside

Router(config-if)#interface fastethernet 0/1

Router(config-if)#ip address 116.100.100.194 255.255.255.248

Router(config-if)#ip nat outside

Router(config-if)#exit

Router(config)#ip nat inside source static 10.1.1.200 116.100.100.195

The command above configures static NAT for private IP address 10.1.1.200 to public IP address 116.100.100.195.

Router(config)#access-list 101 permit ip host 10.1.1.10 any

Router(config)#access-list 101 permit ip host 10.1.1.11 any

Router(config)#access-list 101 permit ip host 10.1.1.12 any

Router(config)#ip nat pool DYN_NAT_POOL 116.100.100.196 116.100.100.198 prefix-length 24

Router(config)#ip nat inside source list 101 pool DYN_NAT_POOL

The commands above configure Dynamic NAT for a group of three hosts, which are assigned public IP addresses from a pool of three public IP addresses.

We can also configure Port Address Translation for the three hosts so that all three of them are overloaded to a single IP address. To configure PAT, use the following command:

Router(config)ip nat inside source list 101 interface fastethernet 0/1 overload
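To see how the three configurations above behave as translation tables, here is an added Python sketch (not part of the original lesson and not Cisco code) that models static NAT, the dynamic pool and PAT with the lesson's addresses, including the reverse lookup used to attribute a public address and port back to an inside host. The class and method names are hypothetical, and the port-collision policy (try the next port up) is an assumption made for illustration.

```python
# Added illustration: toy model of the lesson's translation tables, not Cisco IOS code.
ACL_101 = {"10.1.1.10", "10.1.1.11", "10.1.1.12"}    # hosts permitted by access-list 101
STATIC = {"10.1.1.200": "116.100.100.195"}           # ip nat inside source static
POOL = ["116.100.100.196", "116.100.100.197", "116.100.100.198"]  # DYN_NAT_POOL
OUTSIDE_IF = "116.100.100.194"                       # fastethernet 0/1, used by PAT


class NatRouter:
    def __init__(self, overload=False):
        self.overload = overload     # True models "... interface fastethernet 0/1 overload"
        self.free = list(POOL)       # dynamic pool addresses not currently leased
        self.dynamic = {}            # inside local IP -> leased inside global IP
        self.pat = {}                # (inside local IP, source port) -> mapped port
        self.ports_in_use = set()

    def translate(self, ip, port):
        """Return (inside global IP, port) for an outbound packet, or None."""
        if ip in STATIC:                            # fixed one-to-one mapping
            return STATIC[ip], port
        if ip not in ACL_101:                       # not matched by list 101: no translation
            return None
        if self.overload:                           # PAT: many hosts, one address
            if (ip, port) not in self.pat:
                mapped = port
                while mapped in self.ports_in_use:  # collision: next port (assumed policy)
                    mapped += 1
                self.ports_in_use.add(mapped)
                self.pat[(ip, port)] = mapped
            return OUTSIDE_IF, self.pat[(ip, port)]
        if ip not in self.dynamic:                  # dynamic NAT: lease one pool address
            if not self.free:
                return None                         # pool exhausted
            self.dynamic[ip] = self.free.pop(0)
        return self.dynamic[ip], port

    def release(self, ip):
        """Translation no longer needed: return the host's address to the pool."""
        if ip in self.dynamic:
            self.free.append(self.dynamic.pop(ip))

    def inside_local(self, global_ip, port):
        """Reverse lookup: which private host was behind this public IP and port?"""
        for local, leased in {**STATIC, **self.dynamic}.items():
            if leased == global_ip:
                return local
        for (local, _), mapped in self.pat.items():
            if global_ip == OUTSIDE_IF and mapped == port:
                return local
        return None
```

With PAT, the public address alone no longer identifies an inside host; the mapped port is needed as well, which is why the reverse lookup takes both.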

 

Today we covered Network Address Translation and its configuration. NAT is a very important lesson, and students must have thorough conceptual and practical knowledge of it, as almost all enterprise networks connected to the Internet use NAT.