The document discusses network address translation (NAT) and its key concepts. It explains that NAT allows private IP addresses to access the public internet by mapping them to public IP addresses. There are two types of NAT translations - static, where mappings are manually configured, and dynamic, where they are created automatically based on access lists. NAT can perform one-to-one or many-to-one address translations using port address translation (PAT) when there is a shortage of public IP addresses. The document provides examples of how NAT modifies source and destination addresses in packet headers during the translation process.

1. Chapter 5
Network Address Translation
CISCO Networking II
1
By Chhay Buntha

2. Basic Concept of NAT
Chapter5
2
By Chhay Buntha
My
Network
Internet
10.6.1.20 Internet Host
NAT
• NAT changes the IP addresses in the IP header
Before NAT
Outbound Packet
Src Addr
10.6.1.20
Dest Addr
Internet Host
After NAT
Outbound Packet
Src Addr
171.69.68.10
Dest Addr
Internet Host
After NAT
Return Packet
Src Addr
Internet Host
Dest Addr
10.6.1.20
Before NAT
Return Packet
Src Addr
Internet Host
Dest Addr
171.69.68.10

3. Private IP Addresses
3
By Chhay Buntha
• Problem: IP address space is limited and obtaining a
large block of registered addresses is difficult
• Solution: Use private IP addresses (RFC 1918)
internally on your network
• The private IP addresses you can use on your
internal network are:
• Class A: 10.x.x.x
• Class B range: 172.16.x.x–172.31.x.x
• Class C range: 192.168.1.x–192.168.254.x
Chapter5

4. Benefits
4
By Chhay Buntha
• Problem: Hosts can’t access registered networks such as the
Internet, when assigned private IP addresses
• Solution: NAT replaces the source address with a routable
address and enables privately addressed hosts to access
registered networks, such as the Internet, without requiring
globally unique IP addresses on end hosts
10.6.1.20 Internet Host
NAT
Before NAT
Outbound Packet
Src Addr
10.6.1.20
Dest Addr
Internet Host
After NAT
Outbound Packet
Src Addr
171.69.68.10
Dest Addr
Internet Host
After NAT
Return Packet
Src Addr
Internet Host
Dest Addr
10.6.1.20
Before NAT
Return Packet
Src Addr
Internet Host
Dest Addr
171.69.68.10
X
No
Translation
Chapter5

5. Benefits
5
By Chhay Buntha
• Problem: Merging with conflicting private IP address space
need connectivity to each other and/or the Internet
• Solution: NAT provides transparent, scalable, and bi-
directional connectivity between Phnom Penh and Kampong
Cham
Phnom Penh Kampong
Cham
10.6.1.20 10.6.1.51
NAT
Before NAT
Outbound Packet
Src Addr
10.6.1.20
Dest Addr
Kg.Cham
After NAT
Outbound Packet
Src Addr
192.168.7.10
Dest Addr
Kg.Cham
After NAT
Outbound Packet
Src Addr
172.21.58.10
Dest Addr
Phnom Penh
Before NAT
Outbound Packet
Src Addr
10.6.1.51
Dest Addr
Phnom Penh
X
Chapter5

6. NAT Terminology
6
By Chhay Buntha
• An interface on the router can be defined as
inside or outside
• Translations occur only from inside to outside interfaces or
vice versa—never between the same type of interface
NAT
Inside
Interface
Inside Network Outside Network
ip nat inside ip nat outside
Inside Host Outside Host
Outside
Interface
Chapter5

7. NAT Concepts
7
By Chhay Buntha
NAT translations are static or dynamic:
• Static translation are entered directly into the
configuration and are always in the translation table:
ip nat inside source static 10.6.1.20 171.69.68.10
• Dynamic translations use access lists to identify IP
addresses that NAT should create translations for:
ip nat inside source list 1 pool nat-pool
access-list 1 permit 10.0.0.0 0.255.255.255
Chapter5

8. Static vs. Dynamic Translations
8
By Chhay Buntha
• Static translations:
When you need to be able to initiate a connection
from both inside and outside interfaces or you want
a specific host to be translated to a specific IP
address
• Dynamic translations:
When you want to initiate a connection from only
the inside or only the outside
Chapter5

9. NAT Concepts
9
By Chhay Buntha
An IP address is either local or global
Local IP addresses are seen in the inside network
Global IP addresses are seen in the Outside network
My
Network Internet
Inside Host Outside Host
NAT
Before NAT
Outbound Packet
Src Addr
Inside Local
Dest Addr
Outside Host
After NAT
Outbound Packet
Src Addr
Inside Global
Dest Addr
Outside Host
After NAT
Inbound Packet
Src Addr
Outside Local
Dest Addr
Inside Host
Before NAT
Inbound Packet
Src Addr
Outside Global
Dest Addr
Inside Host
Chapter5

10. NAT Concepts
10
By Chhay Buntha
For Outbound Packets an Address
Is Dynamically Allocated from the
NAT Address Pool
10.6.1.20 Outside Host
NAT
Before NAT
Outbound Packet
Src Addr
10.6.1.20
Dest Addr
Outside Host
After NAT
Outbound Packet
Src Addr
171.69.68.10
Dest Addr
Outside Host
Pro Inside Local Outside Local Outside Global
Inside Global
--- --- ---
171.69.68.10 10.6.1.20
My
Network Internet
NAT Address Pool
171.69.68.11
171.69.68.12
171.69.68.13
171.69.68.10
NAT Address Pool
- - -
171.69.68.11
171.69.68.12
171.69.68.13
Chapter5

11. NAT Concepts
11
By Chhay Buntha
The NAT Address Translation Entry
in the Translation Table Is Used to
Translate Return Packets
10.6.1.20 Outside Host
NAT
After NAT
Return Packet
Src Addr
10.6.1.20
Dest Addr
Outside Host
Before NAT
Return Packet
Src Addr
171.69.68.10
Dest Addr
Outside Host
Pro Inside Local Outside Local Outside Global
Inside Global
--- --- ---
171.69.68.10 10.6.1.20
Pro Inside Local Outside Local Outside Global
Inside Global
--- --- ---
--- ---
My
Network Internet
NAT Address Pool
- - -
171.69.68.11
171.69.68.12
171.69.68.13
NAT Address Pool
171.69.68.10
171.69.68.11
171.69.68.12
171.69.68.13
Chapter5

12. NAT Terminology
12
By Chhay Buntha
• Inside local
Configured IP address assigned to a host on the
inside network; address may be globally unique,
allocated out of the private address space, or may
be officially allocated to some other organization
• Inside global
The IP address of an inside host as it appears to the
outside host and network, “Translated IP Address”;
addresses can be allocated from a globally unique
address space, typically provided by the ISP (if the
enterprise is connected to the global Internet)
Chapter5

13. NAT Concepts
13
By Chhay Buntha
• Local IP addresses are seen on the inside network while
global IP addresses are seen on the outside network
My Network
Inside Host Outside Host
NAT
After NAT
Outbound Packet
Dest Addr
Outside Global
Src Addr
Inside Global
Internet
Before NAT
Outbound Packet
Dest Addr
Outside Local
Src Addr
Inside Local
Chapter5

14. NAT Concepts
14
By Chhay Buntha
--- --- ---
--- ---
--- --- ---
--- ---
Pro Inside Local Outside Local Outside Global
Inside Global
--- --- ---
--- --- ---
--- ---
--- --- ---
--- ---
--- ---
--- --- ---
--- ---
--- --- ---
--- ---
Pro Inside Local Outside Local Outside Global
Inside Global
--- --- ---
--- --- ---
--- ---
--- --- ---
--- ---
171.69.70.15 192.168.1.80
• A NAT translation is 1 to 1 or many to 1
1 to 1 translations (NAT) assign a different
IP address for each translation
Many to 1 (PAT) translations can assign the
same IP address for each translation
--- --- ---
--- ---
--- --- ---
--- ---
Pro Inside Local Outside Local Outside Global
Inside Global
--- --- ---
171.69.70.15 192.168.1.80
171.69.68.10:1202 10.6.15.2:1202 204.71.200.67:80 204.71.200.67:80
171.69.68.10:1460 10.8.20.25:1460 204.71.200.69:80 204.71.200.69:80
tcp
tcp
Router# show ip nat translations
Chapter5

15. PAT
15
By Chhay Buntha
Router# show ip nat translations
• PAT (Port Address Translation) includes ports
in addition to IP addresses
– Many-to-one translation
– Maps multiple IP addresses to 1 or a few IP
addresses
Pro Inside Local Outside Local Outside Global
Inside Global
171.69.68.5:1405 10.6.15.2:1405 204.71.200.69:80
tcp 204.71.200.69:80
Chapter5

16. NAT vs. PAT
16
By Chhay Buntha
• NAT
–When there is sufficient number of
IP addresses for 1 to 1 translations
• PAT
–When there are an insufficient number
of IP addresses available to translate
all of the inside addresses
Chapter5

17. NAT order of Operation
17
By Chhay Buntha
• NAT always checks translation table for entry before
access lists
• For a full NAT order of operation see
http://www.cisco.com/warp/public/556/5.html
After NAT
Outbound Packet
Dest Addr
Outside Global
Src Addr
Inside Global
Before NAT
Outbound Packet
Src Addr
Outside Local
Src Addr
Inside Local
After NAT
Inbound Packet
Src Addr
Outside Local
Dest Addr
Inside Local
Before NAT
Inbound Packet
Src Addr
Outside Global
Dest Addr
Inside Global
Inside Interface Outside Interface
Routing NAT
Chapter5

18. NAT Example1
18
By Chhay Buntha
Consider the above example. For a connection from
HostA to HostB, the NAT addresses are identified as
follows:
• Inside Local Address - 10.1.1.10
• Inside Global Address - 55.1.1.1
• Outside Global Address – 99.1.1.2
• Outside Local Address – 99.1.1.2
Chapter5

19. NAT Example2
19
By Chhay Buntha
The above example demonstrates how the source (SRC)
and destination (DST) IP addresses within the Network-
Layer header are translated by NAT.
Chapter5