With the rapid development of Internet technology, more and more users are joining the Internet. Whether in offices, hotels, schools and homes, people need access to the Internet for office and entertainment purposes, etc. A globally unique IP address is required for communication between any two hosts in the Internet. One of the major problems with the Internet is that the demand for IP addresses has expanded dramatically and the IP address space is nearly exhausted, the use of NAT has alleviated this problem.

NAT not only solves the problem of insufficient lP addresses perfectly, but also effectively prevents attacks from outside the network, hiding and protecting the computers inside the network. NAT is a Wide Area Network (WAN) technology that converts private addresses into legal IP addresses and is used in all types of Internet access and in all types of networks.

What is NAT?

NAT (Network Address Translator) is a technology used to use a private address on a local network and switch to a global IP address when connecting to the Internet, which converts the IP address in an IP data message header to another IP address and achieves address reuse by converting the port number. NAT is widely used as a transitional technology to alleviate the exhaustion of IPv4 public addresses due to its simplicity of implementation.

The main applications of NAT are described below:

  • Enables LAN hosts with private addresses to connect to the Internet. NAT is configured on the border router that connects the internal network to the external network, converting the internal network’s private IP address to a globally unique routable IP address when the internal network host accesses the external network.
  • Load balancing of TCP traffic. A single global public IP address can be corresponded to multiple private IP addresses, and NAT enables load balancing of TCP traffic from external networks to the intranet by polling.

What is static NAT?

Static NAT is the translation of a private IP address to a public IP address on the internal network. The IP address pair is one-to-one and is set in stone, with a private IP address being converted to a public IP address only. There is a fixed mapping between the addresses before and after the translation. With the help of static NAT, it is possible for the external network to access certain specific devices (e.g. servers) in the internal network.

Static NAT Workflow

Static NAT is the establishment of a one-to-one permanent mapping of Inside Local Address and Inside Global Address. When the internal network needs to communicate with the external network, static NAT is configured to convert the internal private IP address into a globally unique IP address. Static NAT is important when the external network needs to access internal hosts via a fixed global routable address.

The basic working principle of NAT is that when IP packets communicated between private network hosts and public network hosts pass through the NAT gateway, the source or destination IP in the IP packet is converted between the private IP and the public IP of NAT. The NAT gateway has 2 network ports, where the IP address of the public network port is a uniformly assigned public IP and the IP address of the private network port is a reserved address. A host in the private network sends 1 IP packet to a host in the public network.

When an IP packet passes through the NAT Gateway, the NAT Gateway converts the source IP of the IP packet to the NAT Gateway’s public IP and forwards it to the public network, at which point the IP packet no longer contains any private network IP information. As the source IP of the IP packet has been converted to the NAT Gateway’s public IP, the response IP packet sent by the Web Server will be sent back to the NAT Gateway.

At this point, NAT Gateway converts the destination IP of the IP packet to the IP of the host on the private network and forwards the IP packet to the private network. This address translation process is completely transparent to both communicating parties.

How to configure static NAT?

Step 1: Configure internal interfaces, and external interfaces

Command:

// Enter external interface interface mode

Router(config-if)#interface  interface-id

Router(config-if)#ip nat outside

// Enter internal interface interface mode

Router (config-if)#interface  interface-id

Router (config-if)#ip nat inside

Step 2: Configure a static mapping of local and global addresses

Command:

Router (config)#ip nat inside source static

 x.x.x.x(Local Address)  x.x.x.x(Global Address)

Step 3: Check the results of the NAT operation

Command:

Router #show ip nat translations

Command details:

1. Example 1: Set the internal host 192.168.20.100 to be accessible by the external host, and the external access address is: 200.30.2.100, the NAT mapping command is as follows:

Router(config)# ip nat inside source static  192.168.20.100  00.30.2.100

2. Example 2: Configure the Web service port 80 of the internal host 192.168.20.100 to be accessible by the external network, with an external access address of 200.30.2.100, with the following NAT mapping command:

Router(config)# ip nat tcp inside  source static  192.168.20.100  80  00.30.2.100  80

Differences between IP NAT inside source and IP NAT outside source

IP NAT inside source indicates converting the source address of an IP packet, when the packet is sent from inside to outside; or converting the destination address of an IP packet, when the packet is transmitted from outside to inside.

IP NAT outside source indicates the conversion of the source address of an IP packet, when the packet is transmitted from outside to inside; or the destination address of an IP packet, when the packet is sent from inside to outside.

The main problems with NAT

  1. It will affect network speed, the application of NAT may make NAT devices a bottleneck in the network, but with the development of hardware and software technology, the problem has gradually been improved.
  2. Incompatible with some applications. If some applications negotiate the IP address and port number for the next session in the payload, the NAT will not be able to address translate the embedded IP address, making these applications inoperable.
  3. Address translation cannot handle messages with IP header encryption.
  4. Path tracing of IP end-to-end is not possible, and after NAT address translation, path tracing of packets will become very difficult.

Terminology for NAT

  1. Inside: A local area network with a private address to which the router is connected. On the internal network, each host is assigned an internal IP address, but behaves as another URL when communicating with the external network. The first address of each host is called the internal local address and the second address is called the external global address.
  2. Outside: The Internet network with a global address to which the router is connected. External network is the network to which the internal network needs to be connected.
  3. Inside Local Address: is the IP address assigned to the internal network host, which may be an illegal IP address not registered with the relevant authority, or a legitimate private network address.
  4. Inside Global Address: A legal global routable address that represents one or more internal local addresses on the external network.
  5. Outside Local Address: The IP address of a host on the external network that is represented on the internal network; this address is an internally routable address and is generally not a globally unique address for registration.
  6. Outside Global Address: The IP address assigned to the external host by the external network, which is a globally routable address.