Your Ultimate NAT Configuration Guide for Cisco IOS – Pt. 1
by PivIT Global on Aug 18, 2022 7:11:00 AM
A networking system requires a unique IP address to communicate with the internet. However, network communications nowadays are slightly different from how they used to be. Back in the day, most, if not all, services and applications were locally hosted within the enterprise network, and just a few were available on the internet.
Today, it is quite the opposite, and most of the services needed for everyday operations are available on the internet. Because of this dependency on the internet, networks are designed in a unique way, allowing internal local network communications and access to the internet when necessary. This concept is based on two types of IPv4 addresses, each with a specific purpose.
Part 1 of this article provides an overview of Network Address Translation (NAT), its benefits, and the available types. Take a look at Part 2 to get an overview of the three types of NAT and how to configure each one.
What Is the Problem With IPv4?
The growing popularity of the internet in the 1990s led to potential network problems that threatened global network communications. The reason for that was the insufficient IPv4 address space, which was not large enough to identify all network-capable devices needing internet access.
The private IPv4 address range was reserved as a solution to this limitation. The idea behind this concept was to reduce the number of unique IPv4 addresses in use by allowing the same private IPv4 addresses to be reused inside local networks. However, internet routers cannot route these private IPv4 addresses; they route only the public IPv4 addresses that service providers assign.
For that reason, a mechanism for translating private into public IPv4 addresses is required; this is where NAT comes in handy. With this concept, the internal devices can participate in the local network and access the internet when desired.
Network Address Translation Overview
NAT was designed for preserving IPv4 address space. It is a service that translates IP addresses, primarily private IPv4 addresses, into public IPv4 addresses. However, with NAT, you can translate any IPv4 address into another one, such as private into private, public into public, or public into private IPv4 address.
NAT is usually implemented on devices such as routers and firewalls located on the internet edge of the topology that connects to the service providers to provide internet access for the network. This approach allows internal devices to use private IPv4 addresses for local internal communication within the enterprise but use public IPv4 addresses when sending data to the internet.
View the image above for a better understanding of NAT. PC1 uses a private IPv4 address of 192.168.1.10 for internal communication within the enterprise network of 192.168.1.0/24.
However, when it needs to ping the public DNS server (8.8.8.8) on the internet, the router performs a NAT translation and translates the private IPv4 address used as a source IP in the packet into a new public one, such as 203.0.113.1. Now the packet can be accepted by the service provider and eventually reach the destination IP.
Advantages and Disadvantages of NAT
Although NAT provides many benefits, it also has some drawbacks. Knowing both helps you decide when to implement NAT.
Besides the main purpose of translating IPv4 addresses, NAT offers some extra advantages, such as:
- providing an additional layer of security by hiding the private IPv4 addresses from the public internet,
- increasing the flexibility of the connection to the public networks, and
- helping in a situation when two companies merge and they have an overlapping IP address space.
On the other hand, implementing NAT breaks end-to-end connectivity, which can badly affect applications that depend on it. Additionally, end-to-end traceability is lost, issues with VPNs can occur if not handled properly, and NAT can even degrade network performance in some situations.
NAT Terminology
When using NAT, translated addresses are categorized into two different types based on the classification used. The first classification divides the addresses based on where they exist in the network, and they are:
- Inside addresses: These are the addresses belonging to the network in question, both the private IPs used for local communications and the public IPs used for internet connectivity.
- Outside addresses: These are the addresses external to the network in question, such as addresses of devices on the internet or other enterprises to which data is sent.
The second classification complements the first one and divides the addresses based on where the addresses are seen, and they are:
- Local addresses: Addresses intended to be used between devices in the local network, such as private addresses.
- Global addresses: Addresses intended to be used on the public internet. Usually, after a NAT translation, these public addresses allow communication on the internet.
The Four NAT Terms
View the image below. When a Cisco router performs NAT translation, that information is included inside the NAT table and identifies the session between the sender and the recipient.
"Inside Local" represents the private IPv4 address of the sender (192.168.1.10), while "Inside Global" represents how the inside local IP appears to the outside world or, in other words, the translated public IPv4 address of 203.0.113.1.
"Outside Local" and "Outside Global" addresses represent, by default, the same public IPv4 address (209.165.202.129) used by the recipient (the server in the image). If required, that can be changed, and a different IPv4 address (Outside Local) can be used to represent the destination host inside the local network.
NAT in Production
What happens when PC1 pings the server? View the image below. The packet exits PC1 with a source IP of 192.168.1.10 (inside local), and after NAT, it is replaced with a public IP of 203.0.113.1 (inside global).
In the meantime, the destination IP of the server 209.165.202.129 (outside local and outside global) stays the same in the Layer 3 header. When the server replies to PC1, the source IP of that packet is 209.165.202.129, while the destination IP is 203.0.113.1.
Upon receipt of the packet, the router performs NAT based on the data in the NAT table, translates the destination IP from 203.0.113.1 to 192.168.1.10, and sends the packet to PC1.
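The ping exchange above can be traced in a few lines of Python. This is an added example, not code from the original article or from Cisco IOS: the `NatRouter` class, its `rules` mapping, and the unrelated outside host 198.51.100.7 are assumptions made for illustration, and the model translates addresses only (no ports).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

@dataclass(frozen=True)
class NatEntry:
    inside_local: str    # private address of the inside host
    inside_global: str   # public address that represents it outside
    outside_local: str   # destination as seen from the inside network
    outside_global: str  # destination as seen on the internet

class NatRouter:
    """Toy address-only NAT model (hypothetical, not IOS code)."""

    def __init__(self, rules):
        self.rules = dict(rules)  # inside local -> inside global
        self.table = []           # sessions learned from inside traffic

    def outbound(self, pkt):
        """Inside -> outside: rewrite the source IP and record the session."""
        inside_global = self.rules.get(pkt.src)
        if inside_global is None:
            return None  # no translation rule for this inside host
        entry = NatEntry(pkt.src, inside_global, pkt.dst, pkt.dst)
        if entry not in self.table:
            self.table.append(entry)
        return Packet(inside_global, entry.outside_global)

    def inbound(self, pkt):
        """Outside -> inside: rewrite the destination IP from the NAT table."""
        for e in self.table:
            if (e.inside_global, e.outside_global) == (pkt.dst, pkt.src):
                return Packet(e.outside_local, e.inside_local)
        return None  # this model has no session for the packet

def ping_round_trip():
    """PC1 pings the server, using the addresses from the article."""
    router = NatRouter({"192.168.1.10": "203.0.113.1"})
    request = router.outbound(Packet("192.168.1.10", "209.165.202.129"))
    reply = router.inbound(Packet("209.165.202.129", "203.0.113.1"))
    stray = router.inbound(Packet("198.51.100.7", "203.0.113.1"))  # constructed
    return router.table, request, reply, stray

if __name__ == "__main__":
    table, request, reply, stray = ping_round_trip()
    print(table[0], request, reply, stray, sep="\n")
```

The `stray` packet returns `None` only because this model matches on the full session; what a real device does with such a packet depends on its NAT type and configuration.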
NAT is nothing more than a simple translation of IP addresses that allows devices to communicate not only in the local enterprise network but to the internet as well. To learn more about the types of NAT, their purpose, and how to configure them, check out Part 2 of this article.