NAT Configuration
NAT (Network Address Translation)
NAT is a method used to translate private IP addresses to public IP addresses.
Private IP addresses can be used within a LAN, but they are not recognized on the Internet. For communication over the Internet we need public IPs.
Public IPs are managed by the Internet Assigned Numbers Authority (IANA). The private IP address ranges, which cannot be routed on the Internet, are listed below:
Class A – 10.0.0.0 – 10.255.255.255
Class B – 172.16.0.0 – 172.31.255.255
Class C – 192.168.0.0 – 192.168.255.255
The concept of NAT was developed to solve two problems:
- To tackle the shortage of IPv4 addresses
- To hide the internal network addresses
Usually smaller organizations get their public IPs from their ISP, but larger organizations approach the IANA for registered public IPs.
Using NAT, the private IP address is masked with a public IP and the packet is then allowed to travel to and through the Internet.
Even though NAT has been of great use, it was not a permanent solution to the shortage of IP addresses, and thus IPv6 came into existence.
NAT can be performed by devices like servers, routers and firewalls.
Advantages of NAT
– Conserves public IP addresses
– Increases flexibility when connecting to the Internet
Disadvantages of NAT
– Translation must be done before the packet is routed, which adds delay
– End-to-end IP traceability is lost, since the addresses change in transit
– Some applications do not work well when NAT is enabled.
NAT terminology
Inside Local Address: The inside host's source address before translation. This is a private IP.
Inside Global Address: The inside host's address after translation. This is the public IP.
Outside Local Address: The destination host's address as seen from the inside network, before translation.
Outside Global Address: The destination host's address on the outside network, after translation.
Note:
Global Addresses → Public
Local Addresses → Private
Inside Hosts → Within Local Network
Outside Hosts → Outside Local Network
Types of NAT
- Static NAT
- Dynamic NAT
- PAT (Port Address Translation)
We will use the topology shown below throughout the rest of the article.
Static NAT
Static NAT does a one-to-one mapping between local and global addresses. Because the mapping is one to one, we need one real (public) IP address for each inside host that is to be translated.
Router_A(config)#ip nat inside source static <private IP> <public IP>
For the translation to take effect, NAT must also be enabled on the interfaces (inside and outside):
On the interface facing towards the LAN:
Router_A(config)#int fa0/0
Router_A(config-if)#ip nat inside
On the interface facing towards the ISP:
Router_A(config)#int s0/0/0
Router_A(config-if)#ip nat outside
Dynamic NAT
In Dynamic NAT we have a pool of public IP addresses which is used dynamically, without having to do a manual one-to-one mapping. This is still a one-to-one mapping, but it occurs dynamically and the public IP is chosen from the available pool of addresses.
Specify the list of private addresses that are permitted to be translated dynamically:
Router_A(config)#access-list <access list number> permit <Network ID> <wildcard mask>
Router_A(config)#ip nat inside source list <Access List> pool <name>
Specify the pool of global IP addresses which will be mapped to the private IP addresses:
Router_A(config)#ip nat pool <name> <Start Public IP> <End Public IP> netmask <mask>
Now specify the inside and outside interfaces:
On the interface facing towards the LAN:
Router_A(config)#int fa0/0
Router_A(config-if)#ip nat inside
On the interface facing towards the ISP:
Router_A(config)#int s0/0/0
Router_A(config-if)#ip nat outside
Dynamic NAT Overload / PAT
This is the most popular type of NAT. As it is not feasible to have one public IP address for each private IP address, we use one public IP address for many private IP addresses, distinguishing them by unique port numbers. This is a many-to-one mapping using different ports.
This is also known as Port Address Translation. Using this technique, many internal IPs can connect to the Internet using one single public IP and many different ports.
The syntax for Dynamic NAT overload / PAT:
Specify the list of private addresses that are permitted to be translated dynamically:
Router_A(config)#access-list <access list number> permit <Network ID> <wildcard mask>
Router_A(config)#ip nat inside source list <Access List> pool <name> overload
Specify the pool of global IP addresses which will be mapped to the private IP addresses:
Router_A(config)#ip nat pool <name> <Start Public IP> <End Public IP> netmask <mask>
Now specify the inside and outside interfaces:
On the interface facing towards the LAN:
Router_A(config)#int fa0/0
Router_A(config-if)#ip nat inside
On the interface facing towards the ISP:
Router_A(config)#int s0/0/0
Router_A(config-if)#ip nat outside
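As an added illustration (not part of the original article and not Cisco code), the following Python model reproduces the three translation types described above in one translation table: a static one-to-one map, a dynamic pool that can be exhausted, and PAT sharing a single public address by port. The inside network, the ACL, the pool addresses and the outside host are all constructed assumptions (RFC 1918 inside, documentation ranges outside), not the article's topology.

```python
"""Toy model of a router's NAT translation table: static, dynamic (pool)
and PAT/overload. All addresses used with it are constructed for this
example and are not taken from the article's topology."""
import ipaddress
from dataclasses import dataclass

# The non-routable ranges the article lists (RFC 1918)
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr):
    """True if addr lies in one of the private ranges above."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_RANGES)


@dataclass(frozen=True)
class Entry:
    proto: str
    inside_local: tuple    # (private ip, port) before translation
    inside_global: tuple   # (public ip, port) after translation
    outside_global: tuple  # destination host as seen from the Internet


class NatRouter:
    """mode is 'static', 'dynamic' or 'pat'. acl is the permitted inside
    network (the access-list), pool the list of public addresses (the
    'ip nat pool'), static the fixed private -> public map."""

    def __init__(self, mode, acl=None, pool=None, static=None):
        self.mode = mode
        self.acl = ipaddress.ip_network(acl) if acl else None
        self.pool = list(pool or [])
        self.static = dict(static or {})
        self.table = {}      # (proto, inside_global, outside_global) -> Entry
        self.host_map = {}   # dynamic: inside ip -> pool ip currently held
        self.port_map = {}   # pat: (proto, inside ip, port) -> (pool ip, port)
        self.used_ports = set()

    def _permitted(self, src_ip):
        return self.acl is not None and ipaddress.ip_address(src_ip) in self.acl

    def _inside_global(self, proto, src_ip, src_port):
        """Pick the public (ip, port) for an inside socket, or None to drop."""
        if self.mode == "static":
            pub = self.static.get(src_ip)       # one-to-one, ports untouched
            return None if pub is None else (pub, src_port)
        if not self._permitted(src_ip) or not self.pool:
            return None
        if self.mode == "dynamic":
            if src_ip not in self.host_map:     # one pool address per inside host
                free = [ip for ip in self.pool if ip not in self.host_map.values()]
                if not free:
                    return None                 # pool exhausted: packet dropped
                self.host_map[src_ip] = free[0]
            return (self.host_map[src_ip], src_port)
        # pat: everyone shares pool[0]; each inside socket gets a unique port
        sock = (proto, src_ip, src_port)
        if sock not in self.port_map:
            pub, port = self.pool[0], src_port  # keep the source port if free
            if (proto, pub, port) in self.used_ports:
                port = next(p for p in range(1024, 65536)
                            if (proto, pub, p) not in self.used_ports)
            self.used_ports.add((proto, pub, port))
            self.port_map[sock] = (pub, port)
        return self.port_map[sock]

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet leaving the 'ip nat inside' interface.
        Returns the Entry written to the table, or None if dropped."""
        glob = self._inside_global(proto, src_ip, src_port)
        if glob is None:
            return None
        entry = Entry(proto, (src_ip, src_port), glob, (dst_ip, dst_port))
        self.table[(proto, glob, (dst_ip, dst_port))] = entry
        return entry

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Reverse-translate a packet arriving on the 'ip nat outside'
        interface. Returns the inside (ip, port), or None if dropped."""
        entry = self.table.get((proto, (dst_ip, dst_port), (src_ip, src_port)))
        if entry is not None:
            return entry.inside_local
        # Only a static mapping accepts unsolicited inbound traffic; with
        # dynamic NAT and PAT there is no entry, so the inside host stays hidden.
        for priv, pub in self.static.items():
            if pub == dst_ip:
                return (priv, dst_port)
        return None

    def clear_translations(self):
        """Equivalent of clearing the whole table with the asterisk."""
        self.table.clear()
        self.host_map.clear()
        self.port_map.clear()
        self.used_ports.clear()
```

The inbound() method is where the "hide the network address" property shows up: with dynamic NAT and PAT, a packet from the Internet that matches no existing entry is dropped, whereas a static mapping forwards any inbound packet to its inside host, so a statically translated host is as reachable as if it held the public address itself. The dynamic branch also shows the failure mode the pool introduces: once every pool address is held by an inside host, further hosts are dropped until the table is cleared or entries time out.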
Configuring STATIC NAT
Here we configure static NAT as per the topology in the diagram shown earlier.
Now configure the routers and other devices with the appropriate IP addresses, and add a default route on both routers so that the inside network and the Internet can communicate. After configuration we will verify the translations.
– Adding the IP addresses is not shown here, but you need to configure them.
– Add the default route from Router_A to the ISP and vice versa.
Static NAT configuration on the router
Implementing NAT on the interfaces (inside and outside)
First, verify the NAT table: we see the static entries we configured, mapping each private IP to a public IP.
Now let us generate traffic from the PCs in network 192.168.2.0 towards 150.1.1.0 and then look at the translations done by the router.
Now that we have generated traffic, let us check the NAT translations; we should see the private IPs mapped to the public IPs.
To view more details we can look at the NAT statistics.
To clear the NAT table, we use the clear command with an asterisk (*); this clears the entire NAT translation table.
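To check the translations without reading the table by eye, here is an added Python helper (not from the article) that parses the text of `show ip nat translations` into records and summarises it per inside host: which public address each host is translated to, whether it has a static entry, how many live flows it has and which outside hosts they reach. The sample output embedded in it is constructed in the IOS column layout with made-up addresses, and the expected pool passed to hosts_outside_pool() is likewise an assumption.

```python
"""Parse and summarise the output of 'show ip nat translations'.
SAMPLE_OUTPUT is constructed for this example in the column layout IOS
prints (Pro, Inside global, Inside local, Outside local, Outside global);
the addresses are made up and not taken from the article."""
from collections import defaultdict

SAMPLE_OUTPUT = """\
Pro Inside global      Inside local       Outside local      Outside global
--- 203.0.113.2        192.168.2.2        ---                ---
icmp 203.0.113.2:1     192.168.2.2:1      198.51.100.5:1     198.51.100.5:1
tcp 203.0.113.2:1025   192.168.2.2:1025   198.51.100.5:80    198.51.100.5:80
tcp 203.0.113.3:1024   192.168.2.3:1024   198.51.100.5:443   198.51.100.5:443
udp 203.0.113.3:53000  192.168.2.3:53000  198.51.100.9:53    198.51.100.9:53
"""


def split_socket(field):
    """'1.2.3.4:80' -> ('1.2.3.4', 80); '1.2.3.4' -> ('1.2.3.4', None);
    '---' (no value in that column) -> (None, None)."""
    if field == "---":
        return (None, None)
    ip, sep, port = field.partition(":")
    return (ip, int(port) if sep else None)


def parse_translations(text):
    """One dict per table row; the header line and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] == "Pro":
            continue
        proto, ig, il, ol, og = parts
        rows.append({"proto": None if proto == "---" else proto,
                     "inside_global": split_socket(ig),
                     "inside_local": split_socket(il),
                     "outside_local": split_socket(ol),
                     "outside_global": split_socket(og)})
    return rows


def summarize(rows):
    """Per inside-local host: the public address(es) it is translated to,
    whether it has a static one-to-one entry, how many live flows it has
    and which outside hosts those flows reach."""
    summary = defaultdict(lambda: {"inside_global": set(), "static": False,
                                   "flows": 0, "peers": set()})
    for row in rows:
        host = row["inside_local"][0]
        info = summary[host]
        info["inside_global"].add(row["inside_global"][0])
        if row["proto"] is None:   # the '---' row is the static mapping itself
            info["static"] = True
        else:
            info["flows"] += 1
            info["peers"].add(row["outside_global"][0])
    return dict(summary)


def hosts_outside_pool(summary, pool):
    """Inside hosts translated to an address that is not in the expected
    pool. A hit here means the router's NAT configuration is not what you
    think it is (wrong pool, or a static entry you did not know about)."""
    pool = set(pool)
    return sorted(h for h, i in summary.items() if not i["inside_global"] <= pool)


if __name__ == "__main__":
    for host, info in sorted(summarize(parse_translations(SAMPLE_OUTPUT)).items()):
        print(host, "->", sorted(info["inside_global"]), "static" if info["static"] else "dynamic",
              info["flows"], "flows to", sorted(info["peers"]))
```

Running this against output captured from the router (for example pasted into SAMPLE_OUTPUT) turns the verification step above into something repeatable: the per-host flow count makes an inside host holding far more translations than its neighbours stand out, and hosts_outside_pool() catches a translation to an address outside the pool you configured.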