
Understanding NAT for Network Admins

NAT (Network Address Translation) allows private IP addresses within a company's internal network to be translated to public IP addresses when communicating externally. This helps conserve public IP addresses and enhances security. There are different types of NAT, including static NAT which uses a one-to-one mapping of private and public IP addresses, dynamic NAT which maps multiple private IP addresses to a pool of public IP addresses on an as-needed basis, and port address translation (PAT) which maps multiple private IP addresses and port numbers to a single public IP address by using different port numbers. NAT is configured by defining inside and outside network interfaces and mapping between internal local addresses and external global addresses.

Uploaded by

imb2
Copyright
© Attribution Non-Commercial (BY-NC)

NAT (Network Address Translation)

INTRODUCTION:
NAT (Network Address Translation) is the translation of an Internet Protocol address (IP address) used within one network to a different IP address known within another network. One network is designated the inside network and the other is the outside. Typically, a company maps its local inside network addresses to one or more global outside IP addresses and unmaps the global IP addresses on incoming packets back into local IP addresses. This helps ensure security, since each outgoing or incoming request must go through a translation process that also offers the opportunity to qualify or authenticate the request or match it to a previous request. NAT also conserves the number of global IP addresses that a company needs, and it lets the company use a single IP address.

NAT is included as part of a router and is often part of a corporate firewall. Network administrators create a NAT table that does the global-to-local and local-to-global IP address mapping. NAT can also be used in conjunction with policy routing. NAT can be statically defined, or it can be set up to dynamically translate from and to a pool of IP addresses. Cisco's version of NAT lets an administrator create tables that map:

- A local IP address to one global IP address statically
- A local IP address to any of a rotating pool of global IP addresses that a company may have
- A local IP address plus a particular TCP port to a global IP address or one in a pool of them
- A global IP address to any of a pool of local IP addresses on a round-robin basis

Defining NAT Inside and Outside Interfaces


The first step to deploy NAT is to define NAT inside and outside interfaces. You may find it easiest to define your internal network as inside, and the external network as outside. However, the terms internal and external are subject to arbitration as well. This figure shows an example of this. Packets sourced on the inside portion of the network have an inside local address as the source address and an outside local address as the destination address of the packet, while the packet resides on the inside portion of the network. When that same packet gets switched to the outside network, the source of the packet is now known as the inside global address and the destination of the packet is known as the outside global address.

Conversely, when a packet is sourced on the outside portion of the network, while it is on the outside network, its source address is known as the outside global address. The destination of the packet is known as the inside global address. When the same packet gets switched to the inside network, the source address is known as the outside local address and the destination of the packet is known as the inside local address.

To configure NAT correctly the first time, you need to understand the Cisco NAT terminology and how your IP networks/addresses map to each of the entities listed below:

- Inside Local: This is the local IP address of a private host on your network (e.g., a workstation's IP address).
- Inside Global: This is the public IP address that the outside network sees as the IP address of your local host.
- Outside Local: This is the local IP address from the private network, which your local host sees as the IP address of the remote host.
- Outside Global: This is the public IP address of the remote host (e.g., the IP address of the remote Web server that a workstation is connecting to).

Need of NAT:
Any host that wants access to the Internet needs an IP address, and the IPv4 addresses we use are limited in number, which is why the concept of NAT was introduced. NAT is a way to reduce the IP address depletion problem. NAT reduces the need for a large amount of publicly known IP addresses by creating a separation between publicly known and privately known IP addresses. CIDR aggregates publicly known IP addresses into blocks so that fewer IP addresses are wasted. In the end, both extend the use of IPv4 addresses for a few more years before IPv6 is generally supported.

Network Address Translation (NAT) is a way to map an entire network (or networks) to a single IP address. NAT is necessary when the number of IP addresses assigned to you by your Internet Service Provider is less than the total number of computers that you wish to provide Internet access for. NAT is described in RFC 1631, "The IP Network Address Translator (NAT)." NAT allows you to take advantage of the reserved address blocks described in RFC 1918, "Address Allocation for Private Internets." Typically, your internal network will be set up to use one or more of these network blocks. They are:

- 10.0.0.0/8 (10.0.0.0 - 10.255.255.255)
- 172.16.0.0/12 (172.16.0.0 - 172.31.255.255)
- 192.168.0.0/16 (192.168.0.0 - 192.168.255.255)

How NAT Works:


When a client on the internal network contacts a machine on the Internet, it sends out IP packets destined for that machine. These packets contain all the addressing information necessary to get them to their destination. NAT is concerned with these pieces of information:

- Source IP address (for example, 192.168.1.35)
- Source TCP or UDP port (for example, 2132)

When the packets pass through the NAT gateway they will be modified so that they appear to be coming from the NAT gateway itself. The NAT gateway will record the changes it makes in its state table so that it can a) reverse the changes on return packets and b) ensure that return packets are passed through the firewall and are not blocked. For example, the following changes might be made:

- Source IP: replaced with the external address of the gateway (for example, 24.5.0.5)
- Source port: replaced with a randomly chosen, unused port on the gateway (for example, 53136)

Types of NAT:

Static NAT
Static NAT is a simple one-to-one mapping of private and public addresses. This is required to support inbound connections from your public network into your private network. For each local address defined, there has to be an associated globally unique address.

Static NAT maps an unregistered IP address to a registered IP address on a one-to-one basis. It is particularly useful when a device needs to be accessible from outside the network. In static NAT, the computer with the IP address of 192.168.32.10 will always translate to 213.18.123.110.

Dynamic NAT
Dynamic NAT can only be used to establish connections from within the private network out to the public network. A pool of network addresses is maintained and used when an outbound connection is made. Each connection is assigned a unique public address. The maximum number of simultaneous connections is equal to the number of public addresses in the pool. This is similar to a one-to-one correspondence between addresses. Dynamic NAT allows you to communicate with the Internet through a dynamic NAT address.

Overloading NAT (PAT)
This type is now used everywhere (in industries, campuses, cities). Overloading is a form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports. It is also known as PAT (Port Address Translation), single address NAT or port-level multiplexed NAT. In PAT, the port number is translated along with the IP address, and all of these translations (mappings) are saved in the router's NAT table, as shown in the figure:

In overloading, each computer on the private network is translated to the same IP address (213.18.123.100) but with a different port number assignment as shown in fig. below:
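The state-table behaviour described under "How NAT Works" and in the static NAT and PAT sections can be traced with a small model. This is an added example, not part of the original document and not Cisco's implementation; the `PatGateway` class, the second inside host 192.168.1.36, the remote addresses (documentation ranges), sequential port allocation and matching return packets on the full remote endpoint are all assumptions.

```python
import ipaddress

# Private blocks listed on the page (RFC 1918).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

class PatGateway:
    """Toy NAT gateway: PAT state table plus static one-to-one entries (hypothetical class)."""

    def __init__(self, public_ip, first_port):
        self.public_ip = public_ip
        self.next_port = first_port  # assumption: sequential ports so the output is repeatable
        self.out = {}     # (proto, inside ip, inside port, remote ip, remote port) -> gateway port
        self.back = {}    # (proto, gateway port, remote ip, remote port) -> (inside ip, inside port)
        self.static = {}  # inside global ip -> inside local ip

    def add_static(self, inside_local, inside_global):
        self.static[inside_global] = inside_local

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving the inside network and record the state."""
        if not any(ipaddress.ip_address(src_ip) in net for net in RFC1918):
            raise ValueError("source is not an inside local address")
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(proto, self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return self.public_ip, self.out[key]

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Return the inside (ip, port) for a packet from outside, or None to drop it."""
        if dst_ip in self.static:          # static NAT: no prior outbound state needed
            return self.static[dst_ip], dst_port
        if dst_ip != self.public_ip:
            return None
        return self.back.get((proto, dst_port, src_ip, src_port))

def demo():
    gw = PatGateway("24.5.0.5", first_port=53136)
    gw.add_static("192.168.32.10", "213.18.123.110")
    web = ("203.0.113.10", 80)  # constructed remote server (documentation range)
    a = gw.outbound("tcp", "192.168.1.35", 2132, *web)
    b = gw.outbound("tcp", "192.168.1.36", 2132, *web)
    reply = gw.inbound("tcp", *web, "24.5.0.5", a[1])
    stray = gw.inbound("tcp", "198.51.100.7", 80, "24.5.0.5", a[1])
    published = gw.inbound("tcp", "198.51.100.7", 40000, "213.18.123.110", 443)
    return a, b, reply, stray, published

if __name__ == "__main__":
    print(demo())
```

The static entry accepts an inbound packet with no prior outbound state, while the PAT address only accepts packets that match a recorded translation, so a host published through static NAT depends on separate filtering rules for its protection.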
