CCNA (routing and switching)

Network Address Translation

NAT was developed in order to save some addresses out of the depleting pool of IPv4 address.

Network private addresses are described in RFC 1918 and are to designed to be used within an organization or site only

Private addresses are not routed by Internet routers while public addresses are

Private addresses can alleviate IPv4 scarcity but since they aren’t routed by Internet devices, they need to be translated first.

NAT is process used to perform such translation




NAT is a process used to translate network addresses

NAT’s primary use is to conserve public IPv4 addresses

Usually implemented at border network devices such as firewalls or routers

This allows the networks to use private addresses internally, only translating to public addresses when needed

The terms,

inside and outside, are combined with the terms local and global to refer to specific addresses

• Inside local address

• Inside global address

• Outside global address

• Outside local address



Addresses used when the NAT is discussed:

  • Inside Local – ( Local address used be a given computer, which is part of a local network
  • Outside Local – ( Address of the LAN gateway. It is used by all computers on your local network, to access the internet. Local computers use this address as their default gateway. They direct all their communication through the gateway, because they have no other way to communicate with other networks.
  • Inside Global – ( – The global address that can be reached from both the internet and local network. It is the address you got from your ISP, to identify your whole network
  • Outside Global – ( – The original another end of communication. In this example the web server.

another example



Types Of NAT

  1. Static NAT

  • Static NAT uses a one-to-one mapping of local and global addresses
  • These mappings are configured by the network administrator and remain constant
  • Static NAT is particularly useful when servers hosted in the inside network must be accessible from the outside network
  •  A network administrator can SSH to a server in the inside network by point his SSH client to the proper inside global address

static nat


Dynamic NAT

Dynamic NAT uses a pool of public addresses and assigns them on a first-come, first-served basis

When an inside device requests access to an outside network, dynamic NAT assigns an available public IPv4 address from the pool

Dynamic NAT requires that enough public addresses are available to satisfy the total number of simultaneous user sessions


Port Address Translation NAT (PAT)

  • PAT maps multiple private IPv4 addresses to a single public IPv4 address or a few addresses
  • PAT uses the pair source port and source IP address to keep track of what traffic belongs to what internal client
  • PAT is also known as NAT overload
  • By also using the port number, PAT is able to forward the response packets to the correct internal device
  • The PAT process also validates that the incoming packets were requested, thus adding a degree of security to the session

Comparing NAT and PAT


  • NAT translates IPv4 addresses on a 1:1 basis between private IPv4 addresses and public IPv4 addresses
  • PAT modifies both the address and the port number
  • NAT forwards incoming packets to their inside destination by referring to the incoming source IPv4 address given by the host on the public network
  •  With PAT, there is generally only one or a very few publicly exposed IPv4 addresses
  • PAT is also able to translate protocols that don’t use port numbers such as ICMP. Each one of these protocols are supported differently by PAT


Configuring Static NAT

  • Create the mapping between the inside local and outside local addresses
  • Define which interface belong to the inside network and which belong to the outside network

Configuring nat




Checking NAT translations



Dynamic NAT Operation

The pool of public IPv4 addresses (inside global address pool) is available to any device on the inside network on a first-come first-served basis

With dynamic NAT, a single inside address is translated to a single outside address

The pool must be large enough to accommodate all inside devices

A device won’t be able to communicate to any external networks if no addresses are available in the pool






Verifying PAT

R2# show ip nat translations

Port Forwarding

Port forwarding is the act of forwarding a network port from one network node to another

A packet sent to the public IP address and port of a router can be forwarded to a private IP address and port in inside network

This is helpful in situations where servers have private addresses, not reachable from the outside networks




doing a part 2.. ref for te above


click here to check the cisco notes.






Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s