Network Address Translation

I think this is another bonus video from Chris Bryant; however, it is extremely valuable for recapping some NAT basics.

NAT Types

Static NAT

A private, non-Internet-routable host is mapped to a routable address on a fixed one-to-one basis.

  • No ACL required
  • Inside and Outside interfaces are referenced with ‘ip nat inside’ and ‘ip nat outside’ commands.
  • Global command issued to define Static NAT entry: ‘ip nat inside source static’

Dynamic NAT

A private, non-Internet-routable host is mapped to a routable address on a dynamic basis. The address is taken from a range of IP addresses specified by a NAT pool.

  • This time an ACL is used to identify the non-routable address range – INSIDE ADDRESSES
  • A NAT Pool is also created with ‘ip nat pool’ command – OUTSIDE ADDRESSES
  • Inside and Outside interfaces are referenced with ‘ip nat inside’ and ‘ip nat outside’ commands under respective interfaces.
  • Global command will reference the ACL of the private addresses and the NAT Pool

Example config:

R3(config)#ip nat pool NATPOOL 200.1.1.2 200.1.1.5 netmask 255.255.255.0
R3(config)#ip nat inside source list 1 pool NATPOOL

PAT (Overloading)

A private, non-Internet-routable host is mapped to a routable address AND a dynamic port number. This still uses an access list that defines the private addresses to be translated, but this time the command references the physical exit interface with the ‘overload’ keyword added, so the single /32 routable address on the outside of the router is used for every translation.

The configuration is very similar to Dynamic NAT, however no POOL is configured or referenced, only the OUTSIDE interface:

R3(config)#interface ethernet0
R3(config-if)#ip nat inside
R3(config-if)#interface serial0
R3(config-if)#ip nat outside
R3(config-if)#ip nat inside source list 1 interface serial0 overload
R3(config)#access-list 1 permit 10.5.5.0 0.0.0.255
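
The translation behaviour described above, as an added example (not from the original notes or from Cisco): a small Python model of the table the router builds for the PAT config, using the page's `access-list 1` range. The address 200.1.1.1 for serial0 is an assumption, and the port-selection rule is a simplification of what a real router does.

```python
import ipaddress

def acl_permits(addr, base, wildcard):
    """Cisco standard-ACL match: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

class PatTable:
    """Toy model of 'ip nat inside source list 1 interface serial0 overload'."""

    def __init__(self, outside_ip, acl):
        self.outside_ip = outside_ip      # address of the outside interface
        self.acl = acl                    # (base, wildcard) from access-list 1
        self.out_map = {}                 # (inside ip, port) -> outside port
        self.in_map = {}                  # outside port -> (inside ip, port)

    def outbound(self, src_ip, src_port):
        """Translate an inside source; return (ip, port) as seen outside."""
        if not acl_permits(src_ip, *self.acl):
            return (src_ip, src_port)     # not matched by the ACL: untranslated
        key = (src_ip, src_port)
        if key not in self.out_map:
            port = src_port               # simplification: keep the port if free
            while port in self.in_map:    # otherwise take the next free port
                port = port + 1 if port < 65535 else 1024
            self.out_map[key] = port
            self.in_map[port] = key
        return (self.outside_ip, self.out_map[key])

    def inbound(self, dst_port):
        """Reverse lookup for return traffic; None means no table entry."""
        return self.in_map.get(dst_port)

def demo():
    # Constructed values: 200.1.1.1 stands in for serial0's address.
    pat = PatTable("200.1.1.1", ("10.5.5.0", "0.0.0.255"))
    return [
        pat.outbound("10.5.5.10", 40000),
        pat.outbound("10.5.5.20", 40000),   # same source port, second host
        pat.outbound("10.6.6.10", 40000),   # outside the ACL range
        pat.inbound(40001),                 # return traffic for the second host
        pat.inbound(50000),                 # no inside host opened this flow
    ]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Two inside hosts using the same source port end up on different outside ports of the one shared address, and an inbound packet to a port with no table entry has no inside host to be delivered to.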

RFC 1918 Private Address Space

  • Class A: 10.0.0.0/8
  • Class B: 172.16.0.0/12
  • Class C: 192.168.0.0/16