Your Ultimate NAT Configuration Guide for Cisco IOS – Pt. 1

A networking system requires a unique IP address to communicate with the internet. However, network communications nowadays are slightly different from how they used to be. Back in the day, most, if not all, services and applications were locally hosted within the enterprise network, and just a few were available on the internet.

Today, it is quite the opposite, and most of the services needed for everyday operations are available on the internet. Because of this dependency on the internet, networks are designed in a unique way, allowing internal local network communications and access to the internet when necessary. This concept is based on two types of IPv4 addresses, each with a specific purpose.

Part 1 of this article provides an overview of Network Address Translation (NAT), its benefits, and the available types. Take a look at Part 2 to get an overview of the three types of NAT and how to configure each one.

What Is the Problem With IPv4?

The growing popularity of the internet in the 1990s led to potential network problems that threatened global network communications. The reason for that was the insufficient IPv4 address space, which was not large enough to identify all network-capable devices needing internet access.  

The private IPv4 address range was reserved as a solution to this limitation. The idea behind this concept was to reduce the total number of unique IPv4 addresses used by allowing the same private IPv4 addresses to be reused inside local networks. However, internet routers cannot route these private IPv4 addresses; they route only the public IPv4 addresses that the service providers assign.

For that reason, a mechanism for translating private into public IPv4 addresses is required; this is where NAT comes in handy. With this concept, the internal devices can participate in the local network and access the internet when desired.

Network Address Translation Overview

NAT was designed for preserving IPv4 address space. It is a service that translates IP addresses, primarily private IPv4 addresses, into public IPv4 addresses. However, with NAT, you can translate any IPv4 address into another one, such as private into private, public into public, or public into private IPv4 address.

NAT is usually implemented on devices such as routers and firewalls located on the internet edge of the topology that connects to the service providers to provide internet access for the network. This approach allows internal devices to use private IPv4 addresses for local internal communication within the enterprise but use public IPv4 addresses when sending data to the internet.

NAT implementation/workings topology

View the image above for a better understanding of NAT. PC1 uses a private IPv4 address of 192.168.1.10 for internal communication within the enterprise network of 192.168.1.0/24.

However, when it needs to ping the public DNS server (8.8.8.8) on the internet, the router performs a NAT translation and translates the private IPv4 address used as a source IP in the packet into a new public one, such as 203.0.113.1. Now the packet can be accepted by the service provider and eventually reach the destination IP.

Advantages and Disadvantages of NAT

Although NAT provides many benefits, it also has some drawbacks. Let's find out what they are so you know what to expect when implementing NAT.

Besides the main purpose of translating IPv4 addresses, NAT offers some extra advantages, such as:

  • providing an additional layer of security by hiding the private IPv4 addresses from the public internet,
  • increasing the flexibility of the connection to the public networks, and
  • helping in a situation when two companies merge and they have an overlapping IP address space.

On the other hand, when NAT is implemented, end-to-end connectivity is lost, which can badly affect applications that depend on it. Additionally, end-to-end traceability is lost, issues with VPNs can occur if not handled properly, and NAT can even degrade network performance in some situations.

NAT Terminology

When using NAT, addresses are categorized under two classifications. The first classification divides the addresses based on where they exist in the network:

  • Inside addresses: These are the addresses belonging to the network in question, the private IPs used for local communications, and public IPs for internet connectivity.
  • Outside addresses: These are the addresses external to the network in question, such as addresses of devices on the internet or other enterprises to which data is sent.

The second classification complements the first one and divides the addresses based on where they are seen:

  • Local addresses: Addresses intended to be used between devices in the local network, such as private addresses.
  • Global addresses: Addresses intended to be used on the public internet. Usually, after a NAT translation, these public addresses allow communication on the internet.

The Four NAT Terms

View the image below. When a Cisco router performs a NAT translation, the translation is recorded in the NAT table and identifies the session between the sender and the recipient.

NAT table topology between a sender and recipient

"Inside Local" represents the private IPv4 address of the sender (192.168.1.10), while "Inside Global" represents the inside local IP to the outside world or, in other words, the translated public IPv4 address of 203.0.113.1.

By default, "Outside Local" and "Outside Global" represent the same public IPv4 address (209.165.202.129), which is used by the recipient (the server in the image). If required, that can be changed, and a different IPv4 address (Outside Local) can be used to represent the destination host inside the local network.

NAT in Production

What happens when PC1 pings the server? View the image below. The packet exits PC1 with a source IP of 192.168.1.10 (inside local), and after NAT, it is replaced with a public IP of 203.0.113.1 (inside global).

Topology of NAT in production identifying inside/outside local/global areas

In the meantime, the destination IP of the server 209.165.202.129 (outside local and outside global) stays the same in the Layer 3 header. When the server replies to PC1, the source IP of that packet is 209.165.202.129, while the destination IP is 203.0.113.1.

Upon receipt of the packet, the router performs NAT based on the data in the NAT table, translates the destination IP from 203.0.113.1 to 192.168.1.10, and sends the packet to PC1.
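
The round trip described above, as an added example (not from the original article and not Cisco IOS code): a simplified Python model of the NAT table using the article's addresses. The class and function names, the one-to-one address pool, and the stray sender 198.51.100.7 are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

@dataclass(frozen=True)
class NatEntry:
    inside_local: str    # sender's private address
    inside_global: str   # sender as seen from the internet
    outside_local: str   # recipient as seen from the inside
    outside_global: str  # recipient's real address

class NatRouter:
    """Simplified model of an edge router's NAT table (addresses only, no ports)."""

    def __init__(self, pool):
        self.free = list(pool)   # unused public (inside global) addresses
        self.by_local = {}       # inside local -> inside global
        self.table = set()       # NatEntry sessions

    def outbound(self, pkt):
        """Inside to outside: rewrite the source IP and record the session."""
        if pkt.src not in self.by_local:
            if not self.free:
                return None      # pool exhausted: no translation possible
            self.by_local[pkt.src] = self.free.pop(0)
        entry = NatEntry(pkt.src, self.by_local[pkt.src], pkt.dst, pkt.dst)
        self.table.add(entry)
        return Packet(entry.inside_global, entry.outside_global)

    def inbound(self, pkt):
        """Outside to inside: rewrite the destination IP from a matching entry."""
        for e in self.table:
            if (pkt.src, pkt.dst) == (e.outside_global, e.inside_global):
                return Packet(e.outside_local, e.inside_local)
        return None              # no entry for this session: not translated

def demo():
    router = NatRouter(pool=["203.0.113.1"])
    request = router.outbound(Packet("192.168.1.10", "209.165.202.129"))
    reply = router.inbound(Packet("209.165.202.129", "203.0.113.1"))
    stray = router.inbound(Packet("198.51.100.7", "203.0.113.1"))  # constructed
    return request, reply, stray

if __name__ == "__main__":
    print(demo())
```

In this model the table entry is also the only record that ties 203.0.113.1 back to 192.168.1.10, which is why the loss of end-to-end traceability mentioned earlier matters when reading logs taken outside the router.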

NAT is nothing more than a simple translation of IP addresses that allows devices to communicate not only in the local enterprise network but to the internet as well. To learn more about the types of NAT, their purpose, and how to configure them, check out Part 2 of this article.
