Network Address Translation (NAT)

Whether your network is the home or the corporate type, if it uses the private IP addresses, you have to translate your private inside addresses to a global outside address by using NAT. The main idea is to conserve Internet global address space, but it also increases network security by hiding internal IP addresses from external networks. In NAT terminology, the inside network is the set of networks that are subject to translation. The outside network refers to all other addresses – usually those located on the Internet. However, just to help confuse you, it’s important to understand that you can translate packets coming into the private network as well. NAT operates on a Cisco router – generally only connecting two networks together – and translates your private (inside local) addresses within the internal network, into public (inside global) addresses before any packets are forwarded to another network. This functionality gives you the option to configure NAT so that it will advertise only a single address for your entire network to the outside world. Doing this effectively hides the internal network from the whole world really well, giving you some much – needed additional security.

There are different flavors of NAT:

  • Static NAT – Designed to allow one-to-one mapping between local and global addresses. This flavor requires you to have one real Internet IP address for every host on your network.
  • Dynamic NAT – Designed to map an unregistered IP address to a registered IP address from out of a pool of registered IP addresses. You don’t have to statically configure your router to map an inside to an outside address as in static NAT, but you do have to have enough real IP addresses for everyone who wants to send packets to and from the Internet.
  • Overloading – This is the most popular type of NAT configuration. Overloading is a form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address (many-to-one) by using different ports. Therefore, it’s also known as port address translation (PAT). By using PAT (NAT Overload), you can have thousands of users connect to the Internet using only one real global IP address-pretty slick! NAT Overload is the reason we have not run out of valid IP address on the Internet.

Here are shown the logic diagram for NAT point of view and some of the terminology.

NAT

Most typical NAT features change only the IP address of “inside” hosts. The outside host IP address can also be changed with NAT. When that occurs, the terms outside local and outside global are used to denote the IP address used to represent that host in the inside network and the outside network, respectively. The following table summarizes the terminology and meanings.

Term Meaning
Inside local In a typical NAT design, the term “inside” refers to an address used for a host inside an enterprise. An inside local is the actual IP address assigned to a host in the private enterprise network. A more descriptive term might be “inside private,” because when using RFC 1918 addresses in an enterprise, the inside local represents the host inside the enterprise, and it is a private RFC 1918 address.
Inside global In a typical NAT design, the term “inside” refers to an address used for a host inside an enterprise. NAT uses an inside global address to represent the inside host as the packet is sent through the outside network, typically the Internet. A NAT router changes the source IP address of a packet sent by an inside host from an inside local address to an inside global address as the packet goes from the inside to the outside network.
A more descriptive term might be “inside public,” because when using RFC 1918 addresses in an enterprise, the inside global represents the inside host with a public IP address that can be used for routing in the public Internet.
Outside global In a typical NAT design, the term “outside” refers to an address used for a host outside an enterprise-in other words, in the Internet. An outside global is the actual IP address assigned to a host that resides in the outside network, typically the Internet. A more descriptive term might be “outside public,” because the outside global represents the outside host with a public IP address that can be used for routing in the public Internet.
Outside local In a typical NAT design, the term “outside” refers to an address used for a host outside an enterprise-in other words, in the Internet. NAT uses an outside local address to represent the outside host as the packet is sent through the private enterprise network (inside network). A NAT router changes a packet’s destination IP address, sent from an inside host to the outside global address, as the packet goes from the inside to the outside network. A more descriptive term might be “outside private,” because when using RFC 1918 addresses in an enterprise, the outside local represents the outside host with a private IP address from RFC 1918.

Today, given a choice, companies tend to simply use private addressing to avoid the need to translate both IP addresses in each packet. Also, the NAT router needs a static entry for every server in the overlapped network number-a potentially painstaking task. By using private addresses, you can use NAT to connect the network to the Internet, reduce the number of registered IP addresses needed, and have to perform only the NAT function for the private address in each packet.

Our Recommended Premium CCNA Training Resources

These are the best CCNA training resources online:

Click Here to get the Cisco CCNA Gold Bootcamp, the most comprehensive and highest rated CCNA course online with a 4.8 star rating from over 30,000 public reviews. I recommend this as your primary study source to learn all the topics on the exam. Cisco CCNA Gold Bootcamp
And click here for a free trial of AlphaPrep premium practice tests when youre ready to test your knowledge. They have the largest question bank, with adaptive tests and advanced reporting which tells you exactly when you are ready to pass the real exam. Cisco CCNA Gold Bootcamp