{"id":62,"date":"2013-03-23T23:05:24","date_gmt":"2013-03-23T23:05:24","guid":{"rendered":"https:\/\/learncisco.net\/index.php\/address-translation\/"},"modified":"2023-01-10T13:37:06","modified_gmt":"2023-01-10T06:37:06","slug":"address-translation","status":"publish","type":"page","link":"https:\/\/www.learncisco.net\/courses\/icnd-1\/acls-and-nat\/address-translation.html","title":{"rendered":"NAT and Port Address Translation Configuration"},"content":{"rendered":"<p>We will describe the whole process of deploying Internet access by adding services to your Internet router in the form of DHCP servers, and network address translation. You will be able to touch and feel the whole process by configuring these functions on a Cisco router.<\/p>\n<h2>Network Address Translation<\/h2>\n<p>The number of IP addresses allocated by the Internet service provider will typically be small. With today\u2019s IP address space, it is impossible to provide a public Internet IP address to all of the devices. So most organizations, if not all, use a private addressing scheme inside of their network and will require network address translation for connectivity to the public network, and that device in the middle would implement the translation and it would translate back for return traffic into the private addressing scheme.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" title=\"Network Address Translation - NAT\" src=\"\/wp-content\/themes\/learncisco\/assets\/images\/icnd1\/86-nat.jpg\" alt=\"Network Address Translation - NAT\" width=\"640\" height=\"343\" \/><\/p>\n<p>When talking about NAT, it is important to understand the terminology. You will have global and local addresses, global meaning public addresses that make sense out in the public Internet and local addresses which are related to the private addressing. Another concept is that of inside and outside devices. An inside device will be physically located in the internal network, whereas an outside device will be physically located somewhere else.<\/p>\n<p>So you could have an inside device with a local address, but also an inside device with a global address after the device\u2019s packets have been translated by NAT. Another concept is that of address assignments or mappings; they can be static or dynamic: static if manually created or dynamic if dynamically assigned by the NAT device.<\/p>\n<h2>Port Address Translation<\/h2>\n<p>Outbound traffic that is going toward the Internet typically uses dynamic assignment of public IP addresses. This means that one machine in the inside could be using a certain public address when going out today, but a different address when going out tomorrow. This allows for more flexibility in reusing the public address ranges. However, those public address ranges are typically very small. A lot of times it is only one public address that you can use and that address is already assigned to the public interface of the perimeter device. You will need to reuse that public IP address for all of the internal machines. That is why we have port address translation or PAT.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" title=\"Port Address Translation - PAT\" src=\"\/wp-content\/themes\/learncisco\/assets\/images\/icnd1\/87-pat.jpg\" alt=\"Port Address Translation - PAT\" width=\"640\" height=\"318\" \/><\/p>\n<p>Multiple private addresses can reuse the same public address as indicated in that NAT table there, but the NAT device will include a port number to the translation. The port number is always different and it will be the tiebreaker to identify which private address is using which instance of the one public address.<\/p>\n<h2>Translating Inside Source Address<\/h2>\n<p>Here is how it works in a one-to-one translation environment.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"\/wp-content\/themes\/learncisco\/assets\/images\/icnd1\/88-one-to-one-translation.jpg\" alt=\"One-to-one Address Translation\" width=\"640\" height=\"356\" \/><\/p>\n<p>The source machine will send a packet with the private address which will hit the NAT device. The NAT device will look up its NAT table and see if there is a static assignment as defined by the administrator. If there is one, it will use it; if there is none, then it will dynamically assign a public address and forward a packet. When the destination replies, the old source address becomes the destination address now; it will eventually hit the NAT device again. In this NAT device, we will look up the NAT table looking for an existing translation. When it finds it, it will simply translate that public address of the destination into a private address. It then forwards a packet back to the original source and this same thing happens for all the packets and all of the senders where each sender will use a different public IP.<\/p>\n<h2>Overloading an Inside Global Address<\/h2>\n<p>The previous example is not sustainable in an Internet scenario. That is why we need port address translation, sometimes known as NAT overload. The process is the same but now the path device will use an expanded NAT table that will include ports. Notice how the source ports are translated at the NAT device, which will control uniqueness of these ports to be able to know which private addresses are using which instance of the public address.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" title=\"NAT Overloading\" src=\"\/wp-content\/themes\/learncisco\/assets\/images\/icnd1\/89-nat-overloading.jpg\" alt=\"NAT Overloading\" width=\"640\" height=\"351\" \/><\/p>\n<p>Since the source ports travel with the packet, return traffic will contain the same information and that is how the PAT device will know who to deliver the packet to.<\/p>\n<h2>Configuration and Commands<\/h2>\n<p>SDM simply hides the complexity of commands, but it will generate and create those commands and deliver them to the router. Here is a samble configuration with IP NAT overloading, which shpuld be applyed to the router from the image above.<\/p>\n<blockquote><p>!<br \/>\ninterface GigabitEthernet0\/0<br \/>\ndescription ### LOCAL LAN ###<br \/>\nip address 10.1.1.10 255.255.255.0<br \/>\nip nat inside<br \/>\nduplex auto<br \/>\nspeed auto<br \/>\n!<br \/>\n!<br \/>\ninterface GigabitEthernet0\/1<br \/>\ndescription ### Internet ###<br \/>\nip address 171.69.68.2 255.255.255.0<br \/>\nip ospf network broadcast<br \/>\nip nat outside<br \/>\nduplex auto<br \/>\nspeed auto<br \/>\n!<br \/>\n!<br \/>\nip nat inside source list InetNat interface GigabitEthernet0\/1 overload<br \/>\n!<br \/>\nip access-list extended InetNat<br \/>\npermit ip 10.1.1.0 0.0.0.255 any<br \/>\n!<\/p><\/blockquote>\n<p>You can monitor the operations of NAT and PAT from the router command-line interface by using these commands; <span style=\"font-family: courier new,courier;\"><strong>show ip nat translation<\/strong><\/span> will display each of the inside local IP addresses and their corresponding outside global or public address. If there are static translations, then it will also show and those will not time out; dynamic translations typically disappear after a certain period of inactivity. You can also clear the NAT translations table, if you want to troubleshoot or if you changed the public address range and you want to reset connections and apply the new public range.<\/p>\n<blockquote><p>Router#sh ip nat translations<br \/>\nPro Inside global\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Inside local\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Outside local\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Outside global<br \/>\ntcp 83.228.127.214:1086\u00a0\u00a0 10.1.1.2:1025\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 217.29.9.205:11357\u00a0\u00a0\u00a0 217.29.9.205:11357<br \/>\ntcp 83.228.127.214:1049\u00a0\u00a0 10.1.1.2:1031\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 46.38.189.180:6669\u00a0\u00a0\u00a0 46.38.189.180:6669<br \/>\ntcp 83.228.127.214:1546\u00a0\u00a0 10.1.1.2:1040\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 74.105.111.98:34794\u00a0\u00a0 74.105.111.98:34794<br \/>\ntcp 83.228.127.214:1721\u00a0\u00a0 10.1.1.3:1044\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 59.92.70.243:61603\u00a0\u00a0\u00a0 59.92.70.243:61603<br \/>\ntcp 83.228.127.214:1175\u00a0\u00a0 10.1.1.3:1054\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 71.218.158.201:6890\u00a0\u00a0 71.218.158.201:6890<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"We will describe the whole process of deploying Internet access by adding services to your Internet router in the form of DHCP servers, and network address translation. You will be able to touch and feel the whole process by configuring these functions on a Cisco router. Network Address Translation The number of IP addresses allocated &#8230; <a title=\"NAT and Port Address Translation Configuration\" class=\"read-more\" href=\"https:\/\/www.learncisco.net\/courses\/icnd-1\/acls-and-nat\/address-translation.html\" aria-label=\"Read more about NAT and Port Address Translation Configuration\">Read more<\/a>","protected":false},"author":5,"featured_media":0,"parent":79,"menu_order":134,"comment_status":"closed","ping_status":"closed","template":"cisco-page.php","meta":{"_acf_changed":false,"footnotes":""},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>NAT and Port Address Translation Configuration - learncisco.net<\/title>\n<meta name=\"description\" content=\"We will describe the whole process of deploying Internet access by adding services to the router in the form of DHCP servers, and NAT.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.learncisco.net\/courses\/icnd-1\/acls-and-nat\/address-translation.html\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"NAT and Port Address Translation Configuration - learncisco.net\" \/>\n<meta property=\"og:description\" content=\"We will describe the whole process of deploying Internet access by adding services to the router in the form of DHCP servers, and NAT.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.learncisco.net\/courses\/icnd-1\/acls-and-nat\/address-translation.html\" \/>\n<meta property=\"og:site_name\" content=\"learncisco.net\" \/>\n<meta property=\"article:modified_time\" content=\"2023-01-10T06:37:06+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.learncisco.net\/courses\/icnd-1\/acls-and-nat\/address-translation.html\",\"url\":\"https:\/\/www.learncisco.net\/courses\/icnd-1\/acls-and-nat\/address-translation.html\",\"name\":\"NAT and Port Address Translation Configuration - learncisco.net\",\"isPartOf\":{\"@id\":\"https:\/\/www.learncisco.net\/#website\"},\"datePublished\":\"2013-03-23T23:05:24+00:00\",\"dateModified\":\"2023-01-10T06:37:06+00:00\",\"description\":\"We will describe the whole process of deploying Internet access by adding services to the router in the form of DHCP servers, and NAT.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.learncisco.net\/courses\/icnd-1\/acls-and-nat\/address-translation.html#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.learncisco.net\/courses\/icnd-1\/acls-and-nat\/address-translation.html\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.learncisco.net\/courses\/icnd-1\/acls-and-nat\/address-translation.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.learncisco.net\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cisco Certification Courses\",\"item\":\"https:\/\/www.learncisco.net\/courses.html\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"CCNA 200-301\",\"item\":\"https:\/\/www.learncisco.net\/courses\/cisco-ccna.html\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"NAT Network Address Translation\",\"item\":\"https:\/\/www.learncisco.net\/courses\/cisco-ccna\/nat-network-address-translation.html\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"Address Translation\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.learncisco.net\/#website\",\"url\":\"https:\/\/www.learncisco.net\/\",\"name\":\"learncisco.net\",\"description\":\"Free online tests for the Cisco CCNA and CCNP exams. Test yourself with more than 4300 different questions.\",\"publisher\":{\"@id\":\"https:\/\/www.learncisco.net\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.learncisco.net\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.learncisco.net\/#organization\",\"name\":\"learncisco.net\",\"url\":\"https:\/\/www.learncisco.net\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.learncisco.net\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.learncisco.net\/wp-content\/uploads\/2021\/12\/logo-1.png\",\"contentUrl\":\"https:\/\/www.learncisco.net\/wp-content\/uploads\/2021\/12\/logo-1.png\",\"width\":154,\"height\":24,\"caption\":\"learncisco.net\"},\"image\":{\"@id\":\"https:\/\/www.learncisco.net\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"NAT and Port Address Translation Configuration - learncisco.net","description":"We will describe the whole process of deploying Internet access by adding services to the router in the form of DHCP servers, and NAT.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.learncisco.net\/courses\/icnd-1\/acls-and-nat\/address-translation.html","og_locale":"en_US","og_type":"article","og_title":"NAT and Port Address Translation Configuration - learncisco.net","og_description":"We will describe the whole process of deploying Internet access by adding services to the router in the form of DHCP servers, and NAT.","og_url":"https:\/\/www.learncisco.net\/courses\/icnd-1\/acls-and-nat\/address-translation.html","og_site_name":"learncisco.net","article_modified_time":"2023-01-10T06:37:06+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.learncisco.net\/courses\/icnd-1\/acls-and-nat\/address-translation.html","url":"https:\/\/www.learncisco.net\/courses\/icnd-1\/acls-and-nat\/address-translation.html","name":"NAT and Port Address Translation Configuration - learncisco.net","isPartOf":{"@id":"https:\/\/www.learncisco.net\/#website"},"datePublished":"2013-03-23T23:05:24+00:00","dateModified":"2023-01-10T06:37:06+00:00","description":"We will describe the whole process of deploying Internet access by adding services to the router in the form of DHCP servers, and NAT.","breadcrumb":{"@id":"https:\/\/www.learncisco.net\/courses\/icnd-1\/acls-and-nat\/address-translation.html#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.learncisco.net\/courses\/icnd-1\/acls-and-nat\/address-translation.html"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.learncisco.net\/courses\/icnd-1\/acls-and-nat\/address-translation.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.learncisco.net\/"},{"@type":"ListItem","position":2,"name":"Cisco Certification Courses","item":"https:\/\/www.learncisco.net\/courses.html"},{"@type":"ListItem","position":3,"name":"CCNA 200-301","item":"https:\/\/www.learncisco.net\/courses\/cisco-ccna.html"},{"@type":"ListItem","position":4,"name":"NAT Network Address Translation","item":"https:\/\/www.learncisco.net\/courses\/cisco-ccna\/nat-network-address-translation.html"},{"@type":"ListItem","position":5,"name":"Address Translation"}]},{"@type":"WebSite","@id":"https:\/\/www.learncisco.net\/#website","url":"https:\/\/www.learncisco.net\/","name":"learncisco.net","description":"Free online tests for the Cisco CCNA and CCNP exams. Test yourself with more than 4300 different questions.","publisher":{"@id":"https:\/\/www.learncisco.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.learncisco.net\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.learncisco.net\/#organization","name":"learncisco.net","url":"https:\/\/www.learncisco.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.learncisco.net\/#\/schema\/logo\/image\/","url":"https:\/\/www.learncisco.net\/wp-content\/uploads\/2021\/12\/logo-1.png","contentUrl":"https:\/\/www.learncisco.net\/wp-content\/uploads\/2021\/12\/logo-1.png","width":154,"height":24,"caption":"learncisco.net"},"image":{"@id":"https:\/\/www.learncisco.net\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/www.learncisco.net\/wp-json\/wp\/v2\/pages\/62"}],"collection":[{"href":"https:\/\/www.learncisco.net\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.learncisco.net\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.learncisco.net\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.learncisco.net\/wp-json\/wp\/v2\/comments?post=62"}],"version-history":[{"count":3,"href":"https:\/\/www.learncisco.net\/wp-json\/wp\/v2\/pages\/62\/revisions"}],"predecessor-version":[{"id":1111,"href":"https:\/\/www.learncisco.net\/wp-json\/wp\/v2\/pages\/62\/revisions\/1111"}],"up":[{"embeddable":true,"href":"https:\/\/www.learncisco.net\/wp-json\/wp\/v2\/pages\/79"}],"wp:attachment":[{"href":"https:\/\/www.learncisco.net\/wp-json\/wp\/v2\/media?parent=62"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}