Basic NAT Concepts and Configuration

Date: Jul 6, 2011

The use of Network Address Translation (NAT) has been widespread for a number of years because it solves a number of problems with the same relatively simple configuration. At its most basic, NAT translates one set of addresses to another, so that traffic coming from a specific host appears to come from another, and it does so transparently. This article looks at some of the basic concepts that are used when configuring NAT and reviews the configuration steps required to get NAT working.

NAT Concepts

Several concepts must be understood to see how NAT operates, and understanding them makes NAT much simpler to configure. This section reviews these concepts, beginning with how NAT can be used. Some of the main uses for NAT include:

This is not a complete list of every possible way that NAT can be configured but simply a list of the most common ways that it is used in modern networks.

There are a couple of main concepts that also must be reviewed and understood before configuring NAT:

Inside and Outside Addresses

In typical NAT configurations, interfaces are placed into one of two categories (or locations): inside or outside. Inside indicates traffic that is coming from within the organizational network. Outside indicates traffic that is coming from an external network that is outside the organizational network.

These categories are then used to define different types of address, depending on the location of the address and how it is being “seen”. These different types include:

NAT Types

Another important concept to be familiar with is the different types of NAT and how they are defined. On most networks there are three different types of NAT that are defined:

NAT Configuration

There are a few methods (and commands) that are used to configure NAT. The three main methods are one for static NAT, one for dynamic NAT, and one for TCP load sharing.

Static NAT Configuration

There are a few steps that are required when configuring static NAT; the number of commands depends on whether there will be more than one static translation:

1. Enter global configuration mode.

   router#configure terminal

2. Configure the static NAT translation (this command can be used multiple times depending on the number of static translations required). The overload keyword enables the use of PAT.

   router(config)#ip nat inside source static local-ip global-ip [overload]

3. Enter interface configuration mode for the inside interface.

   router(config)#interface interface-id

4. Configure the interface as the inside NAT interface.

   router(config-if)#ip nat inside

5. Enter interface configuration mode for the outside interface.

   router(config-if)#interface interface-id

6. Configure the interface as the outside NAT interface.

   router(config-if)#ip nat outside

7. Exit configuration mode.

   router(config-if)#end

Static NAT Configuration Example

To ensure the configuration of static NAT is clear, let’s look at an example (Figure 1) that explains the concepts described above:

Figure 1

In this example, the inside host 192.168.1.20 will be translated to 172.16.1.5 when sending traffic out of interface f0/1.

Dynamic NAT Configuration

Dynamic NAT requires a few additional commands over a static configuration, because the source of the traffic and the NAT address pool must be configured:

1. Enter global configuration mode.

   router#configure terminal

2. Configure the dynamic NAT address pool.

   router(config)#ip nat pool pool-name start-ip end-ip {netmask netmask | prefix-length prefix-length}

3. Configure a static access list to define the addresses to be translated.

   router(config)#access-list access-list-number permit source [source-wildcard]

4. Configure the dynamic NAT translation. The overload keyword enables the use of PAT.

   router(config)#ip nat inside source list access-list-number pool pool-name [overload]

5. Enter interface configuration mode for the inside interface.

   router(config)#interface interface-id

6. Configure the interface as the inside NAT interface.

   router(config-if)#ip nat inside

7. Enter interface configuration mode for the outside interface.

   router(config-if)#interface interface-id

8. Configure the interface as the outside NAT interface.

   router(config-if)#ip nat outside

9. Exit configuration mode.

   router(config-if)#end

Dynamic NAT Configuration Example

To ensure the configuration of dynamic NAT is clear, let’s look at an example (Figure 2) that explains the concepts described above:

Figure 2

In this example, the hosts that have addresses from 192.168.1.1 through 192.168.1.254 will be translated to an address from the pool which includes addresses from 172.16.1.10 through 172.16.1.20; if a 12th host attempts to send traffic out of the f0/1 interface, the translation will fail.
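The following Python audit is an added example, not part of the original article: it parses an IOS configuration written for the dynamic NAT example above and flags the pool-exhaustion case the text describes. The addresses and f0/1 come from the article; the pool name NATPOOL, ACL number 10, the netmask and the inside interface FastEthernet0/0 are assumptions.

```python
import ipaddress
import re

# Constructed running-config for the example above. Addresses and f0/1 come from
# the article; NATPOOL, ACL 10, the netmask and FastEthernet0/0 are assumptions.
SAMPLE_CONFIG = """\
ip nat pool NATPOOL 172.16.1.10 172.16.1.20 netmask 255.255.255.0
access-list 10 permit 192.168.1.0 0.0.0.255
ip nat inside source list 10 pool NATPOOL
interface FastEthernet0/0
 ip nat inside
interface FastEthernet0/1
 ip nat outside
"""

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def audit_dynamic_nat(config):
    """Return findings for 'ip nat inside source list N pool P' rules."""
    findings = []
    for side in ("inside", "outside"):
        if not re.search(rf"^ ip nat {side}$", config, re.M):
            findings.append(f"no interface is marked 'ip nat {side}'")
    pools = {m[1]: ip_int(m[3]) - ip_int(m[2]) + 1 for m in re.finditer(
        r"^ip nat pool (\S+) (\S+) (\S+)", config, re.M)}
    # Hosts per numbered ACL; assumes contiguous wildcards (0.0.0.255 -> 254
    # hosts) and does not interpret the 'any' or 'host' keywords.
    acl_hosts = {}
    for m in re.finditer(
            r"^access-list (\d+) permit (\S+)(?: (\S+))?$", config, re.M):
        size = ip_int(m[3] or "0.0.0.0") + 1
        acl_hosts[m[1]] = acl_hosts.get(m[1], 0) + (size - 2 if size > 2 else size)
    for m in re.finditer(
            r"^ip nat inside source list (\d+) pool (\S+)( overload)?$",
            config, re.M):
        acl, pool, overload = m[1], m[2], m[3] is not None
        if acl not in acl_hosts or pool not in pools:
            findings.append(f"rule uses undefined ACL {acl} or pool {pool}")
        elif not overload and acl_hosts[acl] > pools[pool]:
            findings.append(
                f"pool {pool} has {pools[pool]} addresses for {acl_hosts[acl]} "
                f"hosts and no overload: host {pools[pool] + 1} gets no translation")
    return findings

if __name__ == "__main__":
    for finding in audit_dynamic_nat(SAMPLE_CONFIG):
        print(finding)
```

Adding the overload keyword to the translation rule in the sample clears the capacity finding, since PAT lets many inside hosts share one pool address.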

TCP Load Balancing Configuration

The TCP load balancing feature makes it possible to assign a single outside address that is translated into one of a pool of addresses, in order to balance the load of traffic over a number of different hosts. The following commands are used to configure TCP load balancing:

1. Enter global configuration mode.

   router#configure terminal

2. Configure the NAT address pool that contains the list of real host IP addresses to load balance to.

   router(config)#ip nat pool pool-name start-ip end-ip {netmask netmask | prefix-length prefix-length} type rotary

3. Configure a static access list to define the virtual address that will be used for outside communication.

   router(config)#access-list access-list-number permit source [source-wildcard]

4. Configure TCP server load balancing.

   router(config)#ip nat inside destination list access-list-number pool pool-name

5. Enter interface configuration mode for the inside interface.

   router(config)#interface interface-id

6. Configure the interface as the inside NAT interface.

   router(config-if)#ip nat inside

7. Enter interface configuration mode for the outside interface.

   router(config-if)#interface interface-id

8. Configure the interface as the outside NAT interface.

   router(config-if)#ip nat outside

9. Exit configuration mode.

   router(config-if)#end

TCP Load Balancing Configuration Example

To ensure the configuration of TCP load balancing is clear, let’s look at an example (Figure 3) that explains the concepts described above:

Figure 3

In this example, all traffic that is addressed to 192.168.1.5 will be translated and sent to the hosts with addresses from 192.168.1.10 through 192.168.1.20 in a round-robin fashion.
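The round-robin behaviour in this example can be modelled in a few lines of Python. This is an added example, not code from the original article. It assumes that a pool member is chosen once per new TCP connection and kept for that connection's packets, and that entries never time out; the client address 203.0.113.7 is a constructed sample.

```python
import ipaddress
from itertools import cycle

class RotaryNat:
    """Model of a rotary pool behind one virtual address (hypothetical helper)."""

    def __init__(self, virtual_ip, first_real, last_real):
        self.virtual_ip = virtual_ip
        lo, hi = (int(ipaddress.IPv4Address(a)) for a in (first_real, last_real))
        self.real_hosts = [str(ipaddress.IPv4Address(i)) for i in range(lo, hi + 1)]
        self._next = cycle(self.real_hosts)
        self.table = {}  # (client_ip, client_port, dst_port) -> real host

    def translate(self, client_ip, client_port, dst_ip, dst_port):
        """Return the inside destination for one TCP packet from outside."""
        if dst_ip != self.virtual_ip:
            return dst_ip  # not matched by the access list: left unchanged
        flow = (client_ip, client_port, dst_port)
        if flow not in self.table:  # new connection: take the next pool member
            self.table[flow] = next(self._next)
        return self.table[flow]

def connections_per_host(nat):
    """Count active flows per real host, as a server-side log review would."""
    counts = {host: 0 for host in nat.real_hosts}
    for real in nat.table.values():
        counts[real] += 1
    return counts

if __name__ == "__main__":
    nat = RotaryNat("192.168.1.5", "192.168.1.10", "192.168.1.20")
    for i in range(12):  # twelve constructed client connections to port 80
        print(40000 + i, "->", nat.translate("203.0.113.7", 40000 + i,
                                             "192.168.1.5", 80))
    print(connections_per_host(nat))
```

The twelfth connection wraps back to 192.168.1.10, so distribution follows connection order rather than server load.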

Summary

There are certainly many different situations where the functionality of NAT can be used. This article takes a look at some of the ways that NAT can be configured and offers examples of how the functionality can be implemented. Hopefully this article has made the concepts and configuration of NAT a little simpler to understand so that they can be implemented with little trouble or confusion.
