The main features of NAT, as supported by Cisco, include the following:

• Static addressing—This one-to-one translation is manually configured.

• Dynamic source address translation—Here, a pool of addresses is defined. These addresses are used as the result of the translation. They must be a contiguous block of

• Port address translation (PAT)—Different local addresses (within the organization) are translated into one address that is globally significant for use on the Internet. The additional identifier of a TCP or UDP port distinguishes the multiple local addresses that have been mapped to the single address. The uniqueness of the different local addresses is ensured by the port number associated with each mapping to the single address.

• Destination address rotary translation—This is used for traffic entering the organization from the outside. The destination address is matched against an access list, and the destination address is replaced by an address from the rotary pool. This is used only for TCP traffic, unless other translations are in effect.


TIP Many other features are supported by Cisco. Therefore, if you intend to implement this technology, take a look at Cisco's web page to discover the full range of options and features of the latest IOS version; Cisco is constantly upgrading and improving the feature set.

The basic operation of NAT is very straightforward, although the phraseology is rather confusing. The list of address definitions in Table 3-8 and the accompanying Figure 3-15 clarify the different terms.

To translate one network address into another, the process must differentiate between the functionality of the addresses being translated. Table 3-8 lists the categories of functions.

Table 3-8 Categories of Functions

Address: Definition

Inside global: The addresses that connect your organization indirectly to the Internet. Typically, these are the addresses provided by the ISP. These addresses are propagated outside the organization. They are globally unique and are the addresses used by the outside world to connect to inside the organization. Simply explained, they are the addresses that define how the inside addresses are seen globally by the outside.

Inside local: The addresses that allow every end device in the organization to communicate. Although these addresses are unique within the organization, they are probably not globally unique. They may well be private addresses that conform to RFC 1918. They are the inside addresses as seen locally within the organization.

Outside global: These are the Internet addresses (all the addresses outside the domain of the organization). They are the outside addresses as they appear to the global Internet.

Outside local: These addresses are external to the organization. This is the destination address used by a host inside the organization connecting to the outside world. This will be the destination address of the packet propagated by the internal host. This is how the outside world is seen locally from inside the organization.
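To make the PAT bullet and the Table 3-8 terms concrete, here is an added simulation of a PAT translation table (example code written for this section, not Cisco IOS code). It assumes no destination translation, so outside local and outside global are the same address; all addresses are constructed from the RFC 5737 documentation ranges.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"

class PatTranslator:
    """Port address translation: many inside local addresses share one inside global address.
    Uniqueness of each inside local flow is preserved by the port chosen on the global side."""

    def __init__(self, inside_global: str, first_port: int = 1024, last_port: int = 65535):
        self.inside_global = inside_global          # ISP-provided address seen by the Internet
        self.next_port = first_port
        self.last_port = last_port
        # (proto, inside local ip, inside local port) -> inside global port
        self.outbound: Dict[Tuple[str, str, int], int] = {}
        # (proto, inside global port) -> (inside local ip, inside local port)
        self.inbound: Dict[Tuple[str, int], Tuple[str, int]] = {}

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Inside local source -> inside global source; the destination (outside) is untouched."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        if key not in self.outbound:
            if self.next_port > self.last_port:
                raise RuntimeError("PAT port pool exhausted")  # failure mode: no free global port
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[(pkt.proto, port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.inside_global, self.outbound[key], pkt.dst_ip, pkt.dst_port, pkt.proto)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Returning traffic: inside global destination -> inside local destination.
        A packet with no matching entry is unsolicited and is dropped (None)."""
        entry = self.inbound.get((pkt.proto, pkt.dst_port))
        if entry is None:
            return None
        local_ip, local_port = entry
        return Packet(pkt.src_ip, pkt.src_port, local_ip, local_port, pkt.proto)

if __name__ == "__main__":
    nat = PatTranslator("203.0.113.5")   # constructed inside global address
    # Two RFC 1918 hosts picked the same source port; PAT keeps them apart on the global side.
    out_a = nat.translate_outbound(Packet("10.0.0.10", 40000, "198.51.100.80", 443))
    out_b = nat.translate_outbound(Packet("10.0.0.11", 40000, "198.51.100.80", 443))
    print(out_a, out_b, nat.translate_inbound(Packet("198.51.100.80", 443, "203.0.113.5", out_b.src_port)))
```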

Figure 3-15 illustrates the terms of Table 3-8.

Figure 3-15 Use of the NAT Terms

