
Network Address Translation NAT Tutorial

May 22nd, 2011

To reach the Internet, a host needs a public IP address, and that address must be unique all over the world. If each host in the world required its own unique public IP address, we would have run out of IP addresses years ago. By using Network Address Translation (NAT) we can save tons of IP addresses for later use. We can understand NAT like this:

“NAT allows a host that does not have a valid registered IP address to communicate with other hosts through the Internet”

For example, your computer is assigned the private IP address 10.0.0.9. This address cannot be routed on the Internet, yet you can still access the Internet. This is because your router (or modem) translates this address into a public IP address, 123.12.23.1 for example, before routing your data onto the Internet.

NAT_Basic.jpg

Of course, when your router receives a reply packet destined for 123.12.23.1, it converts the destination back to your private IP 10.0.0.9 before sending that packet to you.

Maybe you will ask: “Hey, I don’t see how NAT saves tons of IP addresses, because you still need a public IP address for each host to access the Internet. It doesn’t save you anything, so why use NAT?”

Ok, you are right :). In the above example we don’t see its usefulness, but you now understand the fundamentals of NAT!

Let’s take another example!

Suppose your company has 500 employees but your Internet Service Provider (ISP) only gives you 50 public IP addresses. It means that you can only allow 50 hosts to access the internet at the same time. Here NAT comes to save your life!

One thing you should notice is that in real life, not all of your employees use the Internet at the same time. Say, maybe 50 of them use the Internet to read the newspaper in the morning; 50 others use it at noon for checking mail… By using NAT you can dynamically assign these 50 public IP addresses to those who really need them at that time. This is called dynamic NAT.

But the above NAT solution does not solve our problem completely, because on some days there can be more than 50 people surfing the web in the morning. In this case, only the first 50 people can access the Internet; the others must wait their turn.

Another problem is that, in fact, your ISP gives you far fewer than 50 IP addresses, because each public IP is very precious now.

To solve the two problems above, another feature of NAT can be used: NAT Overload, sometimes called Port Address Translation (PAT).

PAT permits multiple devices on a local area network (LAN) to be mapped to a single public IP address with different port numbers, hence the name port address translation. When using PAT, the router maintains unique source port numbers on the inside global IP address to distinguish between translations. In the example below, each host is assigned the same public IP address 123.1.1.1 but with different port numbers (from 1000 to 1002).

PAT_Basic.jpg

Note: Cisco uses the term inside local for the private IP addresses and inside global for the public IP addresses replaced by the router.

The outside host IP address can also be changed with NAT. The outside global address represents the outside host with a public IP address that can be used for routing in the public Internet.

The last term, outside local address, is a private address of an external device as it is referred to by devices on its local network. You can understand outside local address as the inside local address of the external device which lies at the other end of the Internet.

Maybe you will ask how many ports we can use for each IP. Because the port number field has 16 bits, PAT can support about 2^16 ports, which is more than 64,000 connections using one public IP address.

Now you have learned all the most useful features of NAT, but we should summarize them:

There are two types of NAT translation: dynamic and static.

Static NAT: Designed to allow one-to-one mapping between local and global addresses. This flavor requires you to have one real Internet IP address for every host on your network.

Dynamic NAT: Designed to map an unregistered IP address to a registered IP address from a pool of registered IP addresses. You don’t have to statically configure your router to map an inside to an outside address as in static NAT, but you do have to have enough real IP addresses for everyone who wants to send packets through the Internet. With dynamic NAT, you can configure the NAT router with more IP addresses in the inside local address list than in the inside global address pool. The router allocates registered public IP addresses from the inside global address pool until all are allocated. If all the public IP addresses are already allocated, the router discards the packet that requires a public IP address.

PAT (NAT Overloading): Also a kind of dynamic NAT, it maps multiple private IP addresses to a single public IP address (many-to-one) by using different ports. Static NAT and Dynamic NAT both require a one-to-one mapping from the inside local to the inside global address. By using PAT, you can have thousands of users connect to the Internet using only one real global IP address. PAT is the technology that helps us not run out of public IP addresses on the Internet. This is the most popular type of NAT.

Besides, NAT gives you the option to advertise only a single address for your entire network to the outside world. Doing this effectively hides the internal network from the public world really well, giving you some additional security for your network.
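The dynamic NAT and PAT behaviour summarized above can be followed in a small translation-table model. This is an added example, not code from the tutorial or from Cisco: the `NatRouter` class, its method names, the inside hosts 10.0.0.1 to 10.0.0.3, source port 5000 and the two-address pool are assumptions made for illustration, and entries never time out in this model.

```python
# Added illustration: a toy translation table, not full Cisco IOS behaviour.
# Class and method names are hypothetical; entries never time out here.
class NatRouter:
    def __init__(self, pool, overload=False, first_port=1000):
        self.pool, self.overload = list(pool), overload
        self.next_port = first_port
        self.table = {}    # inside local  -> inside global
        self.reverse = {}  # inside global -> inside local

    def _key(self, ip, port):
        # PAT tracks (address, port); plain dynamic NAT tracks the address only.
        return (ip, port) if self.overload else (ip, None)

    def _allocate(self):
        if self.overload:
            # Every host shares pool[0]; a fresh source port tells them apart.
            if self.next_port > 65535:
                return None
            self.next_port += 1
            return (self.pool[0], self.next_port - 1)
        used = {g_ip for g_ip, _ in self.table.values()}
        free = [ip for ip in self.pool if ip not in used]
        return (free[0], None) if free else None

    def outbound(self, ip, port):
        """Inside local source -> inside global source; None = packet discarded."""
        key = self._key(ip, port)
        if key not in self.table:
            entry = self._allocate()
            if entry is None:
                return None  # address pool or port range exhausted
            self.table[key], self.reverse[entry] = entry, key
        g_ip, g_port = self.table[key]
        return (g_ip, g_port if self.overload else port)

    def inbound(self, g_ip, g_port):
        """Inside destination for a packet from outside; None = no entry, dropped."""
        key = self.reverse.get(self._key(g_ip, g_port))
        if key is None:
            return None
        ip, port = key
        return (ip, port if self.overload else g_port)

def demo():
    hosts = ["10.0.0.1", "10.0.0.2", "10.0.0.3"]  # constructed inside hosts
    pat = NatRouter(["123.1.1.1"], overload=True)
    dyn = NatRouter(["123.12.23.1", "123.12.23.2"])  # constructed 2-address pool
    return ([pat.outbound(h, 5000) for h in hosts],
            [dyn.outbound(h, 5000) for h in hosts], pat)
```

With PAT the three hosts share 123.1.1.1 on ports 1000 to 1002, while the two-address dynamic pool translates the first two hosts and discards the third host's packet. A packet from outside is translated only when it matches an existing entry.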

NAT terms:

* Inside local address – The IP address assigned to a host on the inside network. The address is usually not an IP address assigned by the Internet Network Information Center (InterNIC) or service provider. This address is likely to be an RFC 1918 private address.
* Inside global address – A legitimate IP address assigned by the InterNIC or service provider that represents one or more inside local IP addresses to the outside world.
* Outside local address – The IP address of an outside host as it is known to the hosts on the inside network.
* Outside global address – The IP address assigned to a host on the outside network. The owner of the host assigns this address.

NAT_terms_explained.jpg

To learn how to configure NAT please read my Configure NAT GNS3 Lab tutorial

Comments (130)
  1. zahid
    May 26th, 2011

    thanks for guiding such a great manner

  2. lelo
    May 26th, 2011

    tomorrow is my day

  3. lelo
    May 26th, 2011

    thanks 9tut, great job

  4. lelo
    May 27th, 2011

    score 894

  5. netcert
    May 29th, 2011

    in addition to this here is a video that explains and configures NAT in detail
    http://videos.cbtvid.com/2011/05/network-address-translation.html

  6. RAJ
    June 9th, 2011

    exactly how many devices can be PAT-ed by a single router ??

  7. ReR
    June 28th, 2011

    great info great job!! many thanxxx

  8. jetingarg
    July 14th, 2011

    Thanks a lottttttttttttttttttt

  9. Anonymous
    July 16th, 2011

    Hey netcert, the link to the video that you have given was really very useful. It explains NAT in a very detailed manner.

  10. Paulie
    July 21st, 2011

    I don’t know where to begin, am really grateful for the support…thank you 9tut

  11. panchavarshik yojna
    July 28th, 2011

    thanks a lot for the clear explanation great help

  12. Revathy Rams
    August 10th, 2011

    Thanks a lotttttttttttttttt for the clear explanation

  13. Anon
    August 12th, 2011

    This site is so awesome, props!

  14. ndawi
    August 15th, 2011

    this is it,
    thanks very much for clear elaboration .

  15. joyesh
    August 24th, 2011

    this is thank you very much

  16. shabani rajabu
    August 27th, 2011

    great job

  17. vivek
    September 18th, 2011

    thanks a lot for very clear description.

  18. ermias
    September 26th, 2011

    again thanks for exploration.

  19. varun
    November 5th, 2011

    thanks a lot

  20. MSR
    November 18th, 2011

    i am beginner in networking

    pls explain about nat

    inside local address

    inside global address

    outside local address

    outside global address

    pls!!!!!!!!!!

  21. xallax
    November 18th, 2011

    @msr
    have you read the tutorial above? please do so. thank you

  22. MSR
    November 20th, 2011

    hi!

    i did read! but these are confusing!

    just explain!

  23. abdou
    November 21st, 2011

    thanks to 9tut really i understood nat and pat , please keep helping us .

  24. aJmAL
    December 4th, 2011

    very nice teach about nat

  25. Anonymous
    December 15th, 2011

    Really very good tutorials……….

  26. Avinash Balasaria
    December 15th, 2011

    Really very good tutorials……….
    and they are very helpful, explaining the concepts very properly and clearly

  27. barry
    December 16th, 2011

    @MSR, if you don’t understand the tutorial above, plz jump in the sea and never come back here hahaha

  28. Claudio
    December 21st, 2011

    MSR check the video that netcert suggested. it’s very clear. I was lost until I watched this.

  29. jerry
    December 29th, 2011

    thanks for the elaboration

  30. dror
    January 19th, 2012

    i love cisco

  31. Faheem
    January 20th, 2012

    I have read whole chapters of NAT but was not as crystal clear as i am now after reading this article… many thanks great job 9tut

  32. islam
    January 20th, 2012

    what does ” prefix-length “19 mean ????

  33. Sam
    January 31st, 2012

    what is the syntax for configuring different nat types. command syntax missing in this tutorial.

  35. Jefss
    February 26th, 2012

    What about the commands????

  36. Eli
    February 29th, 2012

    you write here that PAT is many-to-one, but it is also many to few. isn’t it?

  37. Cezar
    February 29th, 2012

    Thanks

  38. timoty
    March 3rd, 2012

    wonderful website for those who face ccna test.

  39. ekta vinda
    March 7th, 2012

    thanks for this wonderful information of NAT.

  40. ekta vinda
    March 7th, 2012

    thanks, 4 helping this explanation of NAT with demo.

  41. juliet
    March 10th, 2012

    thanks 9tut 4 this tutorial.its mind blowing

  42. vijayakumar
    March 18th, 2012

    very nice information

  43. firebee
    March 23rd, 2012

    Thank so much

  44. morris
    March 24th, 2012

    Always 9tut the best snapshot to CCNA. Many thanks.. simple and straight

  45. thanks 9tut
    March 27th, 2012

    i hope i will pass my exam the day after tomorrow

  46. Ben
    March 28th, 2012

    really nice tutorial, WAY TO GO 9TUT!!

  47. von
    March 30th, 2012

    thanks for the materials , this is marvelous

  48. vijay suthar
    April 3rd, 2012

    thank you 9tut, i love u.uuuuuuuuuuuuuuuuuu

  49. vijay suthar
    April 14th, 2012

    really great explanation…

  50. kaathi
    April 18th, 2012

    thank u … this is awesome example
