Network Address Translation or NAT is a brilliant scheme to preserve IP addresses. Organizations are often assigned a limited number of public IP addresses. It would be extremely expensive to convert all private IP addresses to public addresses for outside communication. NAT offers a brilliant solution to this problem. NAT allows 3 different ways of mapping internal IP addresses to public IP addresses.
Before we dive into the different types of NATs lets first clarify the terminologies that are often confusing.
The IP address of the private network host is called inside local and once that private IP address is mapped to a public IP address it becomes inside global. For e.g in the above fig we can see that the IP address of the inside host changes for 10.10.10.1 to 184.108.40.206. The IP address 10.10.10.1 is refereed as Inside Local and the IP address after mapping 220.127.116.11 is refereed as Inside Global
And similarly, a public IP address is called outside global and when it is mapped to a private IP address it is called outside local. For e.g in the above fig we can see that the IP address of the Public host changes for 18.104.22.168 to 10.10.10.10. The IP address 22.214.171.124 is refereed as Outside Global and the IP address after mapping 10.10.10.10 is refereed as Outside Local
Now, the 3 types of NATs are
- Static NAT
- Dynamic NAT
- Port Address Translation
The following lab is an example of all three nats
Router#sh run Building configuration… Current configuration : 3655 bytes ! ! Last configuration change at 20:23:44 UTC Mon Dec 16 2019 ! version 15.6 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router ! boot-start-marker boot-end-marker ! no aaa new-model ethernet lmi ce ! no process cpu autoprofile hog mmi polling-interval 60 no mmi auto-configure no mmi pvc mmi snmp-timeout 180 ! ip icmp rate-limit unreachable ! no ip domain lookup ip cef no ipv6 cef ! multilink bundle-name authenticated ! redundancy ! no cdp log mismatch duplex no cdp run ! ip tcp synwait-time 5 ! interface GigabitEthernet0/0 ip address 172.16.0.1 255.255.255.0 ip nat outside ip virtual-reassembly in duplex auto speed auto media-type rj45 no cdp enable ! interface GigabitEthernet0/1 description Static NAT ip address 10.10.10.1 255.255.255.252 ip nat inside ip virtual-reassembly in duplex auto speed auto media-type rj45 no cdp enable ! interface GigabitEthernet0/2 description Dynamic NAT ip address 10.20.20.1 255.255.255.252 duplex auto speed auto media-type rj45 no cdp enable ! interface GigabitEthernet0/3 description PAT ip address 192.168.0.1 255.255.255.0 duplex auto speed auto media-type rj45 no cdp enable ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ip nat pool dynamicNAT 172.16.0.30 172.16.0.40 netmask 255.255.255.0 ip nat inside source list 7 pool dynamicNAT !to perform PAT we would do ip nat inside source list 7 pool dynamicNAT overload ip nat inside source static 10.10.10.2 172.16.0.2 ! ! ! access-list 7 permit 10.20.20.0 0.0.0.255 end