Scribd
Upload
13 views5 pages

Nat - Network Address Translation

NAT (Network Address Translation) translates private IP addresses to public IP addresses, enabling communication with the internet while addressing IPv4 shortages and hiding network schemes. There are three types of NAT: Static NAT, Dynamic NAT, and PAT (Port Address Translation), with PAT allowing multiple unregistered IPs to share a single registered IP. Configuration examples illustrate how to set up NAT on routers, including syntax for access lists and interface settings.

Uploaded by

Muhoza Aime lionel
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
13 views5 pages

Nat - Network Address Translation

NAT (Network Address Translation) translates private IP addresses to public IP addresses, enabling communication with the internet while addressing IPv4 shortages and hiding network schemes. There are three types of NAT: Static NAT, Dynamic NAT, and PAT (Port Address Translation), with PAT allowing multiple unregistered IPs to share a single registered IP. Configuration examples illustrate how to set up NAT on routers, including syntax for access lists and interface settings.

Uploaded by

Muhoza Aime lionel
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

Natting means "Translation of private IP address into public IP address ".

In order to communicate with internet, we must have public IP address.


Address translation was originally developed to solve two problems:
1. to handle a shortage of IPv4 addresses
2. hide network addressing schemes.

Small companies typically get their public IP addresses directly from their ISPs, which have a
limited number.
Large companies can sometimes get their public IP addresses from a registration authority, such
as the Internet Assigned Numbers Authority (IANA).

Common devices that can perform address translation include firewalls, routers, and servers.
Typically address translation is done at the perimeter of the network by either a firewall (more
commonly) or a router.
There are certain addresses in each class of IP address that are reserved for Private Networks.

These addresses are called private addresses.


Class A 10.0.0.0/8 => 10.0.0.1 to 10.255.255.255

Class B 172.16.0.0/12 => 172.16.0.0 to 172.31.255.255

Class C 192.168.0.0/16 => 192.168.0.0 to 192.168.255.255

• Inside Local Addresses – An IP address assigned to a host inside a network. This address is
likely to be a RFC 1918 private address

• Inside Global Address – A legitimate IP address assigned by the NIC or service provider that
represents one or more inside local IP address to the outside world.

• Outside Local Address - The IP address of an outside host as it known to the hosts in the
inside network.

• Outside Global Address - The IP address assigned to a host on the outside network. The
owner of the host assigns this address.

Types of NAT: -
1. Dynamic NAT
2. Static NAT
3. PAT

Static NAT
• This type of NAT is designed to allow one-to-one mapping between local and global addresses.
• Keep in mind that the static version requires you to have one real Internet IP address for every
host on your network.
Syntax :
(Config)# access-list < NO> permit <net.ID> <WCM>
(Config)#ip nat inside pool <name> <starting Pub IP><end Pub IP> netmask < mask>
(Config)# ip nat inside source list <Aclno> pool <name>
Implementation :
(Config) # interface g0/0
(Config-if)# ip nat inside
(Config-if)# ip nat outside

Syntax :
(Config)# access-list < NO> permit <net.ID> <WCM>
(Config)#ip nat inside pool <name> <starting Pub IP><end Pub IP>
<netmask < mask>
(Config)# ip nat inside source list <Aclno> pool <name>
Implementation :
(Config) # interface s0
(Config-if)# ip nat outside
(Config)# interface e0
(Config-if)# ip nat inside

Dynamic NAT
• This version gives you the ability to map an unregistered IP address to a registered IP address
from out of a pool of registered IP addresses.

• You don’t have to statically configure your router to map an inside to an outside address as
you would using static NAT, but you do have to have enough real IP addresses for everyone
who’s going to be sending packets to and receiving them from the Internet.
Syntax :
(Config)# access-list < NO> permit <net.ID> <WCM>
(Config)#ip nat inside pool <name> <starting Pub IP><end Pub IP>
<netmask < mask>
(Config)# ip nat inside source list <Aclno> pool <name>
Implementation :
(Config) # interface s0
(Config-if)# ip nat outside

(Config)# interface e0
(Config-if)# ip nat inside

Dynamic NAT Overload ( PAT )


• This is the most popular type of NAT configuration. Understand that overloading really is a
form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP
address—many-to-one—by using different ports.

• It is also known as Port Address Translation (PAT), and by using PAT (NAT Overload), you get to
have thousands of users connect to the Internet using only one real global IP address.

• NAT Overload is the real reason we haven’t run out of valid IP address on the Internet
Syntax :
(Config)# access-list < NO> permit <net.ID> <WCM>
(Config)#ip nat inside pool <name> <starting Pub IP><end Pub IP> netmask
< mask>
(Config)# ip nat inside source list <Aclno> pool <name> overload
Implementation :
(Config) # interface s0
(Config-if)# ip nat outside
(Config)# interface e0

(Config-if)# ip nat inside

Static NAT, Dynamic NAT and PAT work flow


NAT Terminology

1. Attempt to ping from PC1 to 8.8.8.8. Does the ping work?


2. Configure static NAT on R1.
> Configure the appropriate inside/outside interfaces
> Map the IP addresses of PC1, PC2, and PC3 to 100.0.0.x/24
3. Ping 8.8.8.8 from PC1 again. Does the ping work?
4. Ping google.com from each PC, and then check the NAT translations on R1.
5. Clear the NAT translations on R1. Which entries remain?

Configuration
R1#configure terminal
R1(config)#interface gigabitEthernet 0/1
R1(config-if)#ip nat inside
R1(config-if)# interface gigabitEthernet 0/0
R1(config-if)#ip nat outside
R1(config)#ip nat inside source static 172.16.0.1 100.0.0.1
R1(config)#ip nat inside source static 172.16.0.2 100.0.0.2
R1(config)#ip nat inside source static 172.16.0.3 100.0.0.3
R1#sh ip nat statistics
Total translations: 18 (6 static, 12 dynamic, 15 extended)
Outside Interfaces: GigabitEthernet0/0
Inside Interfaces: GigabitEthernet0/1
Hits: 18 Misses: 20
Expired translations: 5
Dynamic mappings:
R1#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 100.0.0.1:5 172.16.0.1:5 172.217.175.238:5 172.217.175.238:5
icmp 100.0.0.1:6 172.16.0.1:6 172.217.175.238:6 172.217.175.238:6
icmp 100.0.0.1:7 172.16.0.1:7 172.217.175.238:7 172.217.175.238:7
icmp 100.0.0.1:8 172.16.0.1:8 172.217.175.238:8 172.217.175.238:8
icmp 100.0.0.2:2 172.16.0.2:2 172.217.175.238:2 172.217.175.238:2
icmp 100.0.0.2:3 172.16.0.2:3 172.217.175.238:3 172.217.175.238:3
icmp 100.0.0.2:4 172.16.0.2:4 172.217.175.238:4 172.217.175.238:4
icmp 100.0.0.2:5 172.16.0.2:5 172.217.175.238:5 172.217.175.238:5
icmp 100.0.0.3:1 172.16.0.3:1 172.217.175.238:1 172.217.175.238:1
icmp 100.0.0.3:2 172.16.0.3:2 172.217.175.238:2 172.217.175.238:2
icmp 100.0.0.3:3 172.16.0.3:3 172.217.175.238:3 172.217.175.238:3
icmp 100.0.0.3:4 172.16.0.3:4 172.217.175.238:4 172.217.175.238:4
--- 100.0.0.1 172.16.0.1 --- ---
--- 100.0.0.2 172.16.0.2 --- ---
--- 100.0.0.3 172.16.0.3 --- ---
udp 100.0.0.1:1025 172.16.0.1:1025 8.8.8.8:53 8.8.8.8:53
udp 100.0.0.2:1025 172.16.0.2:1025 8.8.8.8:53 8.8.8.8:53
udp 100.0.0.3:1025 172.16.0.3:1025 8.8.8.8:53 8.8.8.8:53

R1#clear ip nat translation *


R1#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
--- 100.0.0.1 172.16.0.1 --- ---
--- 100.0.0.2 172.16.0.2 --- ---
--- 100.0.0.3 172.16.0.3 --- ---

Ping Status

You might also like