NAT: Provides the translation of private addresses to public addresses.
NAT has many uses, but its primary use is to conserve public IPv4 addresses. It does this by allowing networks to use private IPv4 addresses internally and providing translation to a public address only when needed. NAT has an added benefit of adding a degree of privacy and security to a network, because it hides internal IPv4 addresses from outside networks.
The terms inside and outside are combined with the terms local and global to refer to specific addresses (inside local, inside global, outside local, outside global). In the figure, router R2 has been configured to provide NAT. It has a pool of public addresses to assign to inside hosts.
There are three types of NAT translation:
Static NAT uses a one-to-one mapping of local and global addresses. These mappings are configured by the network administrator and remain constant.
Static NAT requires that enough public addresses are available to satisfy the total number of simultaneous user sessions.
Static NAT is particularly useful for web servers or devices that must have a consistent address that is accessible from the Internet.
Configure Static NAT

Step | Action | Command
--- | --- | ---
1 | Establish a static translation between an inside local address and an inside global address. | Router(config)#ip nat inside source static local-ip global-ip
2 | Specify the inside interface. | Router(config)#interface type number
3 | Mark the interface as connected to the inside. | Router(config-if)#ip nat inside
4 | Exit interface configuration mode. | Router(config-if)#exit
5 | Specify the outside interface. | Router(config)#interface type number
6 | Mark the interface as connected to the outside. | Router(config-if)#ip nat outside
Verifying Static NAT Translations

Command | Description
--- | ---
Router#show ip nat translations | Displays the NAT table; the static translation is always present, even before any traffic is sent.
Router#clear ip nat statistics | Resets the NAT statistics counters.
Router#show ip nat statistics | Displays NAT statistics: total active translations, hits and misses, and the interfaces configured as inside and outside.
Dynamic NAT uses a pool of public addresses and assigns them on a first-come, first-served basis.
Configure Dynamic NAT

Step | Action | Command
--- | --- | ---
1 | Define a pool of global addresses to be used for translation. | Router(config)#ip nat pool name start-ip end-ip {netmask netmask \| prefix-length prefix-length}
2 | Configure a standard access list permitting the addresses that should be translated. | Router(config)#access-list access-list-number permit source [source-wildcard]
3 | Establish dynamic source translation, specifying the access list and pool defined in the prior steps. | Router(config)#ip nat inside source list access-list-number pool name
4 | Identify the inside interface and mark it as connected to the inside. | Router(config)#interface type number, then Router(config-if)#ip nat inside
5 | Specify the outside interface. | Router(config)#interface type number
6 | Mark the interface as connected to the outside. | Router(config-if)#ip nat outside
Verifying Dynamic NAT Translations

Command | Description
--- | ---
Router#show ip nat translations | Displays the NAT table. Unlike a static translation, a dynamic entry appears only after an inside host sends traffic, and it is removed when it times out.
Router#clear ip nat translation * | Clears all dynamic address translation entries from the NAT translation table.
Router#show ip nat statistics | Displays NAT statistics, including the pool and how many of its addresses are currently allocated.
2.3 PAT/ NAT Overload
Port Address Translation (PAT)/NAT overloading: maps multiple private IPv4 addresses to a single public IPv4 address or a few addresses. PAT ensures that devices use a different TCP port number for each session with a server on the Internet.
Port Address Translation (PAT), also known as NAT overload, maps multiple private IPv4 addresses to a single public IPv4 address or a few addresses. This is what most home routers do. The ISP assigns one address to the router, yet several members of the household can simultaneously access the Internet. This is the most common form of NAT.
Configure PAT
Step | Action | Command
--- | --- | ---
1 | Define a pool of global addresses to be used for translation. | Router(config)#ip nat pool name start-ip end-ip {netmask netmask \| prefix-length prefix-length}
2 | Configure a standard access list permitting the addresses that should be translated. | Router(config)#access-list access-list-number permit source [source-wildcard]
3 | Establish dynamic source translation with overload, specifying the access list and pool defined in the prior steps. | Router(config)#ip nat inside source list access-list-number pool name overload
4 | Identify the inside interface and mark it as connected to the inside. | Router(config)#interface type number, then Router(config-if)#ip nat inside
5 | Specify the outside interface and mark it as connected to the outside. | Router(config)#interface type number, then Router(config-if)#ip nat outside
2.4 Benefits of NAT:
1. Conserves the legally registered addressing scheme
2. Increases the flexibility of connections to the public network
3. Provides consistency for internal network addressing schemes
4. Provides network security
2.5 Disadvantages of NAT:
1. Performance is degraded
2. End-to-end functionality is degraded
3. End-to-end IP traceability is lost.
4. Tunneling becomes more complicated
5. Initiating TCP connections can be disrupted.