Network Address Translation (NAT) is a networking process that remaps one IP address space into another by modifying the address information in the TCP/IP packet header while the packets cross a routing device (e.g. a router or firewall). Usually the modification is made to the source IP address of the packet, which is changed to a different IP address.
Network Address Translation (NAT) is used to hide an entire IP address space, usually that of a private network. For example, a network administrator would use NAT to hide the private IP address space of a LAN behind a single IP address from a different IP address space.
Network Address Translation (NAT) accomplishes this by using a stateful translation table to map the private addresses to a single IP address and then readdressing the outgoing IP packets so that they appear to originate from the router’s Internet-facing interface.
There are different types of NAT which perform different functions. These include Static NAT, Dynamic NAT and PAT. Many devices that support NAT today allow you to configure the entries in the translation table permanently. This is known as Static NAT, and it provides a one-to-one mapping from an internal address to a public address. Dynamic NAT differs in that the mapping is not fixed: it usually uses a group of public IP addresses to translate a group of private IP addresses. Finally, there is the process of translating the port numbers as well as the IP addresses. This is known as Port Address Translation (PAT), and is sometimes also referred to as Network Address Port Translation (NAPT).
Here is a simple tutorial on how you can implement NAT in a network.
We have 14 hosts that need simultaneous Internet access. Our hosts are assigned private IP addresses (192.168.100.17 to 192.168.100.30). We were given 6 IP addresses by our ISP (198.18.184.105 to 198.18.184.110).
After completing our basic router configuration (for example purposes we will assume that a static route is in place between the router and ISP) and configuration of the interfaces, we will use the following commands:
Set the router name to R1
Configure this interface as NAT inside. It is connected to the network to be translated.
R1(config)#interface fastethernet 0/0
R1(config-if)#ip nat inside
Configure this interface as NAT outside. It is connected to the mapped network.
R1(config)#interface serial 0/0
R1(config-if)#ip nat outside
Create an access-list to match the router’s LAN address range that will be translated.
R1(config)#access-list 10 permit 192.168.100.16 0.0.0.15
Create a NAT pool named isp_adr and specify the public address range given by the ISP, together with its netmask.
R1(config)#ip nat pool isp_adr 198.18.184.105 198.18.184.110 netmask 255.255.255.248
Next we will use the overload keyword to enable port-based NAT (PAT), so that the pool can support the router’s whole LAN address range.
R1(config)#ip nat inside source list 10 pool isp_adr overload
Our aim was to allow the 14 hosts on the private network to access the Internet. For verification, we will simply ping the ISP's serial interface that connects to our router. Let’s say it is S0/1. We would do the following:
Go to an internal host to test
The ping to 192.0.2.114, which is the serial interface of the ISP, should be successful.
On the console of the router (R1):
Issue the show ip nat translation command to verify the NAT translations.
R1# show ip nat translation
If we used an internal host with IP address 192.168.100.17, we should receive this output:
Pro   Inside global        Inside local         Outside local      Outside global
icmp  198.18.184.105:434   192.168.100.17:434   192.0.2.114:434    192.0.2.114:434
icmp  198.18.184.105:435   192.168.100.17:435   192.0.2.114:435    192.0.2.114:435
icmp  198.18.184.105:436   192.168.100.17:436   192.0.2.114:436    192.0.2.114:436
icmp  198.18.184.105:437   192.168.100.17:437   192.0.2.114:437    192.0.2.114:437
icmp  198.18.184.105:438   192.168.100.17:438   192.0.2.114:438    192.0.2.114:438
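The stateful table behind the overload configuration can be modelled in Python to show why all 14 hosts fit behind one pool address and why an outside packet with no matching entry is never forwarded inside. This is an added example, not part of the original tutorial and not Cisco's implementation; the class PatTable, the port-selection rule (keep the source port if it is free, otherwise take the next free port from 1024 up) and the check on the remote address are assumptions made for illustration.

```python
import ipaddress
from itertools import chain

# Values from the tutorial's configuration.
ACL_10 = ipaddress.ip_network("192.168.100.16/0.0.0.15")  # access-list 10, wildcard mask
POOL = [ipaddress.ip_address("198.18.184.105") + i for i in range(6)]  # pool isp_adr


class PatTable:
    """Simplified model of: ip nat inside source list 10 pool isp_adr overload."""

    def __init__(self, acl, pool):
        self.acl, self.pool = acl, pool
        self.out = {}   # (proto, inside local ip, port, remote) -> (inside global ip, port)
        self.back = {}  # (proto, inside global ip, port) -> (inside local ip, port, remote)

    def outbound(self, proto, src_ip, src_port, remote):
        """Translate a packet entering the inside interface. None = left untranslated."""
        src = ipaddress.ip_address(src_ip)
        if src not in self.acl:
            return None  # source is not permitted by the access list
        key = (proto, src, src_port, remote)
        if key in self.out:
            return self.out[key]  # an existing flow reuses its entry
        for addr in self.pool:  # stay on one pool address until its ports run out
            # Assumption: keep the original port if free, else take the next free one.
            for port in chain([src_port], range(1024, 65536)):
                if (proto, addr, port) not in self.back:
                    self.out[key] = (addr, port)
                    self.back[(proto, addr, port)] = (src, src_port, remote)
                    return addr, port
        raise RuntimeError("NAT pool exhausted")

    def inbound(self, proto, dst_ip, dst_port, remote):
        """Reverse-translate a packet arriving on the outside interface."""
        entry = self.back.get((proto, ipaddress.ip_address(dst_ip), dst_port))
        if entry is None or entry[2] != remote:
            return None  # no matching state: nothing to forward to the inside
        return entry[0], entry[1]


if __name__ == "__main__":
    nat = PatTable(ACL_10, POOL)
    for host in range(17, 31):  # the 14 inside hosts, all using the same source port
        g_ip, g_port = nat.outbound("tcp", f"192.168.100.{host}", 40000, "192.0.2.114")
        print(f"tcp  {g_ip}:{g_port}  192.168.100.{host}:40000  192.0.2.114")
```

Run as a script, it prints one entry per inside host, all sharing 198.18.184.105 and distinguished only by port.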