NAT - PAT - Overload
Network Address Translation
- Network address translation (NAT)
- Translate from one address to another
- Commonly used for private IP > public IP
- Extends the life of IPv4
- Common NAT types:
  - Static NAT
    - One-to-one translation.
  - Dynamic NAT
    - Private IP address translates to one of a pool of public IP addresses.
  - Port Address Translation (PAT)
    - Many-to-one
    - A single IP address on the outside.
    - Can save money and helps scalability
- There is such a thing as double NATing
  - Very very hard to troubleshoot.
- "NAT is what allows us to have ~4 billion network devices working on the internet together."
- One-to-one
- We can take the private IP and convert it into a public IP
- Inbound traffic is denied by default
- Outbound traffic is allowed by default
Static NAT
- 1:1 mapping of addresses
- Set by administrator
- Referred to as "one-to-one"
Configuration example:
ip nat inside source static 10.1.1.5 23.5.5.9
ip nat inside source static 10.1.1.10 23.5.5.10
ip nat inside source static 10.1.1.15 23.5.5.11
- Take an internal IP and map it to an external IP
- Create DNS records
  - A records
    - A = www IP
    - A = mail IP
Port Address Translation
- "The reason why NAT exists and conserves the public address space"
- Port numbers assist with translation
- Many users share one public address by overloading the interface
- Most common form of NAT
- For very large networks we usually combine Dynamic NAT with PAT
  - Usually done with a simple overload command.
- Starts with an Access Control List (ACL)
  - An if-then condition
Configuration example:
access-list 1 permit 10.1.1.0 0.0.0.255
ip nat inside source list 1 interface fa0/1 overload
- The router can use its own interface for the PAT traffic
- Note the overload operation.
- We use the port number to keep each session unique.
NAT Table
- Inside Global - NAT Address (could be public or private)
- Inside Local - Host's Actual Address
- Outside Global - Destination Address
- Outside Local - Destination Address
Router#show ip nat translations
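
A toy model of the PAT table described above, as an added example that is not part of the original notes: it shows how the translated source port keeps two inside hosts' sessions unique behind one inside global address, and why inbound traffic with no matching entry is dropped. The class name, the addresses and the port-allocation rule are assumptions made for illustration; a real router also tracks protocol and timeouts.

```python
# Added example: toy PAT (NAT overload) table. All addresses and ports are constructed.
from dataclasses import dataclass, field

@dataclass
class PatRouter:  # hypothetical name, not a real router API
    public_ip: str                                # inside global address
    next_port: int = 1024                         # assumption: fallback ports start at 1024
    out_map: dict = field(default_factory=dict)   # (inside local, outside global) -> port
    in_map: dict = field(default_factory=dict)    # port -> (inside local, outside global)

    def _free_port(self):
        while self.next_port in self.in_map:
            self.next_port += 1
        return self.next_port

    def outbound(self, src, dst):
        """Translate inside host src=(ip, port) talking to dst=(ip, port)."""
        key = (src, dst)
        if key not in self.out_map:
            # Keep the original source port if it is free, otherwise pick another,
            # so every session maps to a unique port on the one public address.
            port = src[1] if src[1] not in self.in_map else self._free_port()
            self.out_map[key] = port
            self.in_map[port] = key
        return (self.public_ip, self.out_map[key])

    def inbound(self, src, dst_port):
        """Return the inside local (ip, port) for a reply, or None when dropped."""
        entry = self.in_map.get(dst_port)
        if entry is None or entry[1] != src:
            return None   # no session created from the inside, so nothing to translate to
        return entry[0]

    def table(self):
        """Rows of (inside global, inside local, outside global), sorted by port."""
        return [((self.public_ip, p), k[0], k[1]) for p, k in sorted(self.in_map.items())]

if __name__ == "__main__":
    r = PatRouter("203.0.113.1")
    web = ("198.51.100.7", 443)
    r.outbound(("10.1.1.5", 50000), web)
    r.outbound(("10.1.1.10", 50000), web)   # same source port: gets a different public port
    for row in r.table():
        print(row)
    print(r.inbound(("192.0.2.99", 4444), 50000))   # unsolicited sender -> None
```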