Explain the NAT (Network Address Translation), PAT (Port Address Translation), Dynamic NAT and Static NAT
NAT as Network Address Translation
Network Address Translation (NAT) is the process where a network device, usually a firewall, assigns a public address to a computer (or group of computers) inside a private network. The main use of NAT is to limit the number of public IP addresses an organization or company must use, for both economy and security purposes.
The Purpose of NAT
NAT serves three purposes:
- Provides a type of firewall by hiding internal IP addresses
- Enables a company to use more internal IP addresses. Since they're used internally only, there's no possibility of conflict with IP addresses used by other companies and organizations.
- Allows a company to combine multiple ISDN connections into a single Internet connection.
[Figure: NAT - Network Address Translation]
The Requirements of NAT - Network Address Translation
The shortage of public IPv4 address space has forced all of us to think harder about alternative ways of addressing networked hosts. Network Address Translation (NAT) was therefore introduced to overcome the addressing problems that came with the rapid expansion of the Internet.
Although NAT was suggested as a temporary solution, it has been adopted by all network hardware manufacturers, and it is considered a very useful technology, not only for IP address conservation but also for many other purposes, including security. Basically, NAT allows a single network device (e.g. a router or firewall) to act as an agent between a private local area network and a public network such as the Internet.
The figure above shows how NAT works: which IP addresses are used inside the network and how they change on the Internet (public) side.
Advantages of NAT:
- NAT helps to mitigate the depletion of the global public IP address space.
- Networks can now use the RFC 1918 private address space internally and still have a way to access the Internet using NAT.
- NAT increases security by hiding the internal network topology and addressing scheme.
PAT - Port Address Translation
Port Address Translation (PAT) is an extension to network address translation (NAT) that permits multiple devices on a local area network (LAN) to be mapped to a single public IP address. The goal of PAT is to conserve IP addresses.
[Figure: PAT - Port Address Translation]
Most home networks use PAT. In such a scenario, the Internet Service Provider (ISP) assigns a single IP address to the home network's router. When Computer X logs on to the Internet, the router assigns the client a port number, which is appended to the internal IP address.
Port Address Translation is also called porting, port overloading, port-level multiplexed NAT and single address NAT.
This method is one of the most frequently used forms of NAT in IP networks. It uses the concept of “many-to-one” translation, where multiple connections from different internal hosts are “multiplexed” into a single registered (public) IP address using different source port numbers.
This form of NAT allows a maximum of 65,536 internal connections to be translated into a single public IP. It is very useful in situations where our ISP has assigned us only a single public IP address, as shown below.
Configuration of Port Address Translation (PAT)
NTW(config)# interface ethernet 0
NTW(config-if)# ip address 192.168.31.1 255.255.255.0
NTW(config-if)# ip nat inside
NTW(config-if)# exit
NTW(config)# interface serial 0
NTW(config-if)# ip address 213.18.122.100 255.255.255.0
NTW(config-if)# ip nat outside
NTW(config-if)# exit
NTW(config)# ip nat pool overload-pool 213.18.122.100 213.18.122.100 prefix-length 24
NTW(config)# ip nat inside source list 1 pool overload-pool overload
NTW(config)# access-list 1 permit 192.168.31.0 0.0.0.255
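The many-to-one multiplexing described above can be followed in a small translation-table model. This is an added example, not code from the original page: the public address and inside network are taken from the configuration above, while the PatTable class, the three-port pool and the sample flows are constructed for illustration.

```python
import ipaddress

PUBLIC_IP = "213.18.122.100"                      # overload-pool address (page)
INSIDE = ipaddress.ip_network("192.168.31.0/24")  # access-list 1 (page)

class PatTable:
    """Toy PAT table; one port pool shared by all protocols (simplification)."""
    def __init__(self, public_ip, ports=range(1024, 65536)):
        self.public_ip = public_ip
        self.free = iter(ports)   # unused public source ports
        self.out = {}             # (proto, inside ip, inside port) -> public port
        self.back = {}            # (proto, public port) -> (inside ip, inside port)

    def outbound(self, proto, src_ip, src_port):
        """Translate an inside source to (public ip, public port)."""
        if ipaddress.ip_address(src_ip) not in INSIDE:
            raise ValueError("source not matched by the NAT access list")
        key = (proto, src_ip, src_port)
        if key not in self.out:
            port = next(self.free, None)
            if port is None:
                raise RuntimeError("PAT port pool exhausted")
            self.out[key] = port
            self.back[(proto, port)] = (src_ip, src_port)
        return self.public_ip, self.out[key]

    def inbound(self, proto, dst_port):
        """Reverse lookup for a packet from outside; None means drop."""
        return self.back.get((proto, dst_port))

def demo():
    pat = PatTable(PUBLIC_IP, ports=range(1024, 1027))   # constructed 3-port pool
    a = pat.outbound("tcp", "192.168.31.10", 51000)
    b = pat.outbound("tcp", "192.168.31.12", 51000)      # same inside port as a
    again = pat.outbound("tcp", "192.168.31.10", 51000)  # existing entry reused
    reply = pat.inbound("tcp", b[1])                     # reply to b's flow
    unsolicited = pat.inbound("tcp", 3389)               # no entry for this port
    pat.outbound("udp", "192.168.31.15", 53000)          # takes the last port
    try:
        pat.outbound("tcp", "192.168.31.20", 40000)
        exhausted = False
    except RuntimeError:
        exhausted = True
    return a, b, again, reply, unsolicited, exhausted

if __name__ == "__main__":
    print(demo())
```

The unsolicited lookup returning nothing is the "hiding" effect listed among the advantages of NAT: a packet from outside reaches an inside host only if a table entry already exists for it.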
Dynamic NAT as Dynamic Network Address Translation
Dynamic NAT translates internal private IP addresses to public addresses from a range (pool) of public addresses assigned to our network from an ISP.
Put simply, dynamic network address translation (Dynamic NAT) is a technique in which multiple public Internet Protocol (IP) addresses are mapped and used with an internal or private IP address.
It allows a user to connect a local computer, server or networking device that has an unregistered private IP address to an external network or the Internet, using a group of available public IP addresses.
Dynamic NAT bridges the communication and packet routing path between private/protected/internal networks and the Internet. Each internal device on an unregistered IP address requesting Internet access can select from a group of public IP addresses.
Dynamic NAT is usually configured on a router that maintains a group of public IP addresses in a network address translation (NAT) table. For each outgoing packet, the router replaces its source, a private IP address, with the first available public IP address.
When a packet is received from the destination node, the router looks up the NAT table to find the corresponding private IP address and then routes the packet to that node.
Configuration of Dynamic NAT as Dynamic Network Address Translation
NTW(config)# interface ethernet 0
NTW(config-if)# ip address 192.168.31.1 255.255.255.0
NTW(config-if)# ip nat inside
NTW(config-if)# exit
NTW(config)# interface serial 0
NTW(config-if)# ip address 100.100.100.1 255.255.255.252
NTW(config-if)# ip nat outside
NTW(config-if)# exit
NTW(config)# ip nat pool dynamic-pool 213.18.122.0 213.18.122.255 prefix-length 24
NTW(config)# ip nat inside source list 1 pool dynamic-pool
NTW(config)# access-list 1 permit 192.168.31.0 0.0.0.255
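The "first available public address" behaviour and the access-list match can be modelled as follows. This is an added example, not code from the original page: the access-list values come from the configuration above, while the DynamicNat class, the two-address pool and the host addresses are constructed. The last step reassigns a released address to a different host, which is why mapping a public address back to an inside host needs the translation record for that moment.

```python
import heapq
import ipaddress

def acl_permits(addr, base, wildcard):
    """IOS wildcard match: bits set in the wildcard mask are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

class DynamicNat:
    def __init__(self, first, last, acl=("192.168.31.0", "0.0.0.255")):
        lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
        self.free = list(range(lo, hi + 1))   # sorted, so already a valid heap
        self.acl = acl                        # access-list 1 from the page
        self.table = {}                       # inside local -> inside global

    def translate(self, inside_ip):
        """Return the public address for a source, or None if the ACL skips it."""
        if not acl_permits(inside_ip, *self.acl):
            return None
        if inside_ip not in self.table:
            if not self.free:
                raise RuntimeError("dynamic pool exhausted")
            lowest = heapq.heappop(self.free)          # first available address
            self.table[inside_ip] = str(ipaddress.IPv4Address(lowest))
        return self.table[inside_ip]

    def reverse(self, public_ip):
        """Find the inside host for a returning packet's destination."""
        return next((i for i, g in self.table.items() if g == public_ip), None)

    def release(self, inside_ip):
        """Entry timed out: return its public address to the pool."""
        freed = self.table.pop(inside_ip)
        heapq.heappush(self.free, int(ipaddress.IPv4Address(freed)))

def demo():
    nat = DynamicNat("213.18.122.1", "213.18.122.2")   # constructed 2-address pool
    first = nat.translate("192.168.31.10")
    second = nat.translate("192.168.31.12")
    skipped = nat.translate("192.168.32.5")            # outside 192.168.31.0/24
    try:
        nat.translate("192.168.31.15")
        exhausted = False
    except RuntimeError:
        exhausted = True
    nat.release("192.168.31.10")
    reused = nat.translate("192.168.31.15")            # gets the freed address
    return first, second, skipped, exhausted, reused, nat.reverse(reused)
```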
Static NAT as Static Network Address Translation
Static Port Address Translation (Static PAT or SPAT) allows one-to-one mapping between local and global addresses. With Static PAT, multiple internal hosts can share a single IP address for communication, thus saving public IP address usage.
Configuration of Static NAT
NTW(config)# interface ethernet 0
NTW(config-if)# ip address 192.168.31.1 255.255.255.0
NTW(config-if)# ip nat inside
NTW(config-if)# exit
NTW(config)# interface serial 0
NTW(config-if)# ip address 100.100.100.1 255.255.255.252
NTW(config-if)# ip nat outside
NTW(config-if)# exit
NTW(config)# ip nat inside source static 192.168.31.10 213.18.122.110
NTW(config)# ip nat inside source static 192.168.31.12 213.18.122.111
NTW(config)# ip nat inside source static 192.168.31.15 213.18.122.112
Port Redirection
This is useful in situations where we have a single public IP address and we need to use it for accessing two or more internal servers from outside.
Port redirection allows the ISA firewall to accept a connection request on one port and then forward that request to an alternate port on the published Web server.
Configuration of Port Redirection
NTW(config)# interface ethernet 0
NTW(config-if)# ip address 192.168.31.1 255.255.255.0
NTW(config-if)# ip nat inside
NTW(config-if)# exit
NTW(config)# interface serial 0
NTW(config-if)# ip address 100.100.100.1 255.255.255.252
NTW(config-if)# ip nat outside
NTW(config-if)# exit
NTW(config)# ip nat inside source static tcp 192.168.31.10 80 100.100.100.1 80
NTW(config)# ip nat inside source static tcp 192.168.31.20 25 100.100.100.1 25
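Static entries are permanent and accept connections initiated from outside, so they are the lines to review when checking what a NAT device exposes. The following added example (not code from the original page) parses the static and port-redirection lines shown on this page and lists the resulting inbound exposure; the function names inbound_exposure and report are hypothetical, and only the two command forms used on this page are modelled.

```python
import ipaddress

# Static lines taken from the page's Static NAT and Port Redirection configs.
CONFIG = """\
NTW(config)# ip nat inside source static 192.168.31.10 213.18.122.110
NTW(config)# ip nat inside source static tcp 192.168.31.10 80 100.100.100.1 80
NTW(config)# ip nat inside source static tcp 192.168.31.20 25 100.100.100.1 25
NTW(config)# ip nat inside source list 1 pool dynamic-pool
"""

MARK = "ip nat inside source static"

def inbound_exposure(config_text):
    """Return (global ip, proto, global port, local ip, local port) per static entry."""
    found = []
    for line in config_text.splitlines():
        if MARK not in line:
            continue                     # dynamic and PAT rules are not static
        args = line.split(MARK, 1)[1].split()
        if len(args) == 5 and args[0] in ("tcp", "udp"):
            proto, lip, lport, gip, gport = args
            lport, gport = int(lport), int(gport)
        elif len(args) == 2:
            lip, gip = args              # whole-host, one-to-one mapping
            proto, lport, gport = "any", None, None
        else:
            continue                     # forms this sketch does not model
        ipaddress.ip_address(lip)        # raises ValueError on a non-address
        ipaddress.ip_address(gip)
        found.append((gip, proto, gport, lip, lport))
    return found

def report(entries):
    """Render one review line per static entry."""
    lines = []
    for gip, proto, gport, lip, lport in entries:
        if proto == "any":
            lines.append(f"{gip} -> {lip}: all ports translated unless an ACL filters them")
        else:
            lines.append(f"{gip}:{gport}/{proto} -> {lip}:{lport}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(inbound_exposure(CONFIG))))
```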