
Table of Contents

Network Address Translation (NAT)


Introduction
What does NAT do?
Types of NAT
Static NAT
Dynamic NAT
NAT with PAT
NAT Addressing Terms
NAT Configuration
Summary

Network Address Translation (NAT)

Introduction
As you know, the Internet has grown larger than anyone ever imagined. These days you can
hardly find anyone who has a computer without Internet access, or a company or a university
that does not use computers and the Internet.

So why do I talk about the Internet, and what does the size of the Internet have to do with NAT?
Basically everything! For a computer to communicate with other computers and Web servers on
the Internet, it must have an IP address. It’s much like the telephone network; everyone on this
network has a unique phone number.

When IP addressing first came out, everyone thought that there were more than enough
addresses to cover any need. Theoretically, you could have 4,294,967,296 unique addresses
(2^32). However, the actual number of available addresses is smaller (somewhere between 3.2
and 3.3 billion), since some of the addresses are set aside for multicasting, testing or other
special uses.

With the explosion of the Internet and the increase in home networks and business networks,
the number of available IP addresses is simply not enough. This is where NAT comes into the
picture. Network Address Translation allows a single device, such as a router, to act as an
agent between the Internet and a local (or "private") network. This means that only a single,
unique IP address is required to represent an entire group of computers.

www.cbtvid.com
What does NAT do?
NAT is like the receptionist in a large organization. Imagine an organization with 400
employees. If the organization wants to provide a phone line for everyone, it has to
request 400 phone numbers from a telecommunication service provider, which is very
costly for the company. However, the company can establish its internal phone network
with an extension for each employee, which is locally significant. Then, to have
connectivity with the rest of the world, it buys one or more valid phone numbers.
Anyone from the outside calls the organization's main number, which is the only number
the caller knows. When the caller tells the receptionist that she is looking for
someone in the organization, the receptionist checks a lookup table that matches the
requested name with the extension. Then the receptionist forwards the caller to the
extension of the requested person.

Figure 1

This is the method that NAT uses. NAT is configured on a device (firewall, router
or computer) that resides between an internal network and the rest of the world.

Figure 2

With NAT, all computers on the internal network can use a private range of IP addresses, which
are not in use on the Internet. When they make a connection to the outside world, the NAT
device replaces the private IP address, listed as the Source IP address in the IP packet, with a
public IP address and then sends the packet out. The destination computer on the Internet
thinks the original sender is that device (firewall, router or computer) and not the client from the
internal network; therefore, it sends a return packet back to the newly assigned IP address. The
NAT device receives the packet and replaces the Destination IP address with the original
client’s address in the local network.

Types of NAT
There are three different types of NAT:
● Static
● Dynamic
● Overloading or NAT with PAT (Port Address Translation)

Static NAT
Static NAT maps a private IP address to a public IP address on a one-to-one basis. This
type of NAT is used when a device needs to be accessible from outside the network.

Figure 3

In this type of NAT, one public IP address is always assigned to one private IP address, as
shown in Figure 3. This address will never be used by any other client in the local network.

Dynamic NAT
This type of NAT maps a private IP address to a public IP address from a pool of public
IP addresses.

Figure 4

In this method, when a client sends a packet to the Internet, the device in between assigns a
public address from a pool of addresses that has already been configured on it. For example, if
the device in between is a router and the configured pool has three public IP addresses (Figure
4), then only three clients can get access to the Internet at a time. If another client wants to get
access to the Internet, it has to wait for one of the other three to finish its job and release the
address so that the router can assign it to the fourth client.

NAT with PAT
Port Address Translation (PAT) maps all private IP addresses of a local network to a single
public IP address on the access device.

Figure 5

Figure 5 shows an example of PAT. In this type of NAT only one public IP address is required,
and the router does not care if it has one connection each to three different hosts or three
connections to a single host IP address. Therefore, to support all local clients at the same time
using a single public IP address on the router, PAT translates the local hosts’ private IP
addresses to the one public IP address on different ports. To tell which packets need to be sent
back to which client, the router keeps track of both the IP address and the TCP or UDP port
number in a table called the NAT table.
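The NAT table described above, as an added example (not code from the original page): a simplified Python model of PAT that shows two inside hosts sharing one public address, the reverse lookup for a reply, and what happens to a packet with no table entry. The class name, the port range and all addresses are constructed, and keeping the client's own source port when it is free is a modelling assumption.

```python
class PatTable:
    """Simplified PAT (overload) table: one public IP shared by many inside hosts."""

    def __init__(self, public_ip, ports):
        self.public_ip = public_ip
        self.ports = ports      # range of public ports the router may hand out
        self.by_inside = {}     # (proto, inside_ip, inside_port) -> public_port
        self.by_public = {}     # (proto, public_port) -> (inside_ip, inside_port)

    def _allocate(self, proto, preferred):
        # Assumption: keep the client's own source port when free, else take the next free one.
        for port in (preferred, *self.ports):
            if port in self.ports and (proto, port) not in self.by_public:
                return port
        raise RuntimeError("PAT port range exhausted")

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Inside to outside: replace the private source with public_ip:port."""
        key = (proto, src_ip, src_port)
        if key not in self.by_inside:
            port = self._allocate(proto, src_port)
            self.by_inside[key] = port
            self.by_public[(proto, port)] = (src_ip, src_port)
        return (proto, self.public_ip, self.by_inside[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Outside to inside: restore the private destination, or None if no entry."""
        entry = self.by_public.get((proto, dst_port))
        if dst_ip != self.public_ip or entry is None:
            return None         # no table entry, so there is nothing to forward to
        return (proto, src_ip, src_port, *entry)


def demo():
    # Constructed addresses: RFC 1918 inside hosts, documentation ranges outside.
    nat = PatTable("203.0.113.1", range(50000, 50003))
    a = nat.outbound("tcp", "192.168.2.10", 50000, "198.51.100.7", 443)
    b = nat.outbound("tcp", "192.168.2.11", 50000, "198.51.100.7", 443)  # same source port
    reply = nat.inbound("tcp", "198.51.100.7", 443, "203.0.113.1", b[2])
    stray = nat.inbound("tcp", "198.51.100.9", 4444, "203.0.113.1", 50002)
    return a, b, reply, stray


if __name__ == "__main__":
    for packet in demo():
        print(packet)
```

The model keys entries on protocol and public port only, as the paragraph describes; once the port range is used up, further inside hosts cannot be translated until an entry is released.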

NAT Addressing Terms
According to Cisco, the enterprise network that uses private addresses and needs NAT is the
“inside” part of the network. The Internet side of the NAT function is the “outside” part of the
network. All the private addresses in the local network need a public address when they want to
access the Internet. Therefore, the private addresses in the local network are known as “inside
local” and the public address of the company used to represent them is known as “inside global”
since it is a registered and globally known address (Figure 6).

Figure 6

All the other IP addresses outside the company are known as “outside”. However, if the address
is outside the organization and it is a public address it is known as “outside global” and if the
address is outside the organization and behind another NAT with a private address, it is known
as “outside local” (Figure 7).

Figure 7

NAT Configuration
To configure NAT you have to follow a few steps:
1. Find out the interfaces that participate in NAT (inside and outside).
2. Configure inside interface.
3. Configure outside interface.

First, you need to find out which interface of the router or firewall participates in NAT.

Figure 8

For example, in Figure 8 there is a router at headquarters that has four interfaces in different
LANs, one interface to the Internet and one to a branch office. Imagine that you want to have
NAT configured for LAN 2 to get access to the Internet. Therefore, the interfaces that participate
in NAT are Fast Ethernet 0/2 and Serial 1/2.

Now you have to find out which one is Inside and which one is Outside. In this case Fast
Ethernet 0/2 is connected to the local LAN 2. Therefore, it is the Inside interface, and Serial 1/2,
which is connected to the Internet, is the Outside interface.

To configure these interfaces as NAT participant interfaces do the following:

Router(config)#interface fastEthernet 0/2

Router(config-if)#ip nat inside

and for the outside interface:

Router(config)#interface serial 1/2

Router(config-if)#ip nat outside

Now
For Static:

3. Configure the static mapping.


Router(config)#ip nat inside source static [Local private IP address] [Local public IP address]

Local private IP address: the private addresses in your local LAN

Local public IP address: the public address that belongs to your company

For Dynamic NAT:

3. Configure a pool of addresses.


Router(config)#ip nat pool [give a name to the pool e.g. MYPOOL] [start of the IP addresses] [end of the addresses] netmask [the subnet mask]

4. Configure an ACL. For example, I name the configured ACL: NAT-ACL


5. Configure dynamic NAT and refer it to the ACL and Pool.
Router(config)#ip nat inside source list [ACL name or number] pool [name of the pool]

For example, in our case it will be:

Router(config)#ip nat inside source list NAT-ACL pool MYPOOL

For Overloading NAT:

3. Configure an ACL. For example, I name the configured ACL: PAT-ACL


4. Configure overloading NAT and refer it to the ACL and then overload the address of the
interface that participates in outside NAT.
Router(config)#ip nat inside source list [ACL name or number] interface [name of the interface] overload
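A way to check the configuration steps above before applying them, as an added example (not part of the original page and not a Cisco tool): a small Python audit that reads an IOS-style configuration and reports NAT rules that reference an undefined pool or ACL, an overload rule bound to an interface that is not marked outside, and an ACL that would translate any source. The sample configuration is constructed from the page's names (MYPOOL, NAT-ACL, the two interfaces) with made-up addresses; only named ACLs are handled, and flagging "permit any" is a policy choice of this example.

```python
import re

def norm(name):                 # 'fastEthernet 0/2' == 'FastEthernet0/2'
    return name.replace(" ", "").lower()

def audit_nat(config):
    """Return findings for an IOS-style NAT configuration (empty list = clean)."""
    inside, outside, pools, acls, rules = set(), set(), set(), {}, []
    iface = acl = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):         # a top-level command leaves any sub-mode
            iface = acl = None
        if m := re.match(r"interface (.+)", line):
            iface = norm(m[1])
        elif line in ("ip nat inside", "ip nat outside") and iface:
            (inside if line == "ip nat inside" else outside).add(iface)
        elif m := re.match(r"ip nat pool (\S+) ", line):
            pools.add(m[1])
        elif m := re.match(r"ip access-list \S+ (\S+)", line):
            acl, acls[m[1]] = m[1], []
        elif acl and re.match(r"(permit|deny) ", line):
            acls[acl].append(line)
        elif m := re.match(r"ip nat inside source list (\S+) (pool|interface) (.+?)( overload)?$", line):
            rules.append((m[1], m[2], m[3]))
    findings = []
    if not inside or not outside:
        findings.append("need an 'ip nat inside' and an 'ip nat outside' interface")
    for acl_name, kind, target in rules:
        if acl_name not in acls:
            findings.append(f"rule references undefined ACL {acl_name}")
        elif any(e.split()[:2] == ["permit", "any"] for e in acls[acl_name]):
            findings.append(f"ACL {acl_name} translates any source address")
        if kind == "pool" and target not in pools:
            findings.append(f"rule references undefined pool {target}")
        if kind == "interface" and norm(target) not in outside:
            findings.append(f"overload interface {target} is not 'ip nat outside'")
    return findings

# Constructed sample using the page's names; addresses are private/documentation ranges.
SAMPLE = """\
interface fastEthernet 0/2
 ip nat inside
interface serial 1/2
 ip nat outside
ip nat pool MYPOOL 203.0.113.10 203.0.113.12 netmask 255.255.255.248
ip access-list standard NAT-ACL
 permit 192.168.2.0 0.0.0.255
ip nat inside source list NAT-ACL pool MYPOOL
"""
```

Calling audit_nat(SAMPLE) returns an empty list; changing the pool name in the last line, or widening the ACL entry to "permit any", produces the matching finding.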

Summary
● Network Address Translation allows an organization with private IP addresses to
connect to the Internet by translating those addresses into public IP addresses.

● The different types of NAT are Static, Dynamic and Overloading.

● NAT hides the internal IP addressing scheme from the outside world, enhancing network security.
