Network Address Translation (NAT)

Introduction:

This document provides answers to frequently asked questions about network address translation (NAT).

What is NAT?

Network Address Translation (NAT) is designed to conserve IP addresses. It enables private IP networks that use unregistered IP addresses to connect to the Internet. NAT runs on a router, which usually connects two networks, and translates the private (not globally unique) addresses of the internal network into legal addresses before packets are forwarded to the other network.

As part of this function, NAT can be configured to advertise a single address for the entire network to the outside world. This behavior provides additional security by effectively hiding the entire internal network behind that address. NAT offers the dual function of security and address conservation and is generally implemented in remote-access environments.



How does NAT work?


In summary, NAT allows a single device, such as a router, to act as an agent between the Internet (or a public network) and a local network (or a private network). This means that only one IP address is needed to represent an entire group of computers to anything outside their network.

How to configure NAT?


To configure traditional NAT, you must designate at least one interface on the router as the external (NAT outside) interface and another interface on the router as the internal (NAT inside) interface. You then need to create a set of rules for translating the IP addresses in packet headers (and payloads, if applicable). To configure the NAT virtual interface (NVI), you need at least one interface configured with NAT enabled and the same set of rules as mentioned above.

Does NAT occur before or after routing?


The order in which transactions are processed using NAT depends on the direction of the packet: from the internal network to the external network, or from the external network to the internal network. Internal-to-external translation occurs after routing, while external-to-internal translation takes place before routing.

Is it possible to deploy NAT in a public wireless LAN environment?


Yes. The NAT - Static IP Support feature provides support for users with static IP addresses, allowing them to establish an IP session in a public wireless LAN environment.

Can I limit the number of NAT translations?

Yes. The Rate-Limiting NAT Translation feature allows you to limit the maximum number of simultaneous NAT operations on the same router. In addition to giving users more control over how NAT addresses are used, the feature also helps contain the effects of viruses, worms, and denial-of-service attacks.

How is routing learned or propagated for subnets or IP addresses used by NAT?


Routing for IP addresses created by NAT is learned in the following situations:

The internal global address pool is derived from a next-hop router's subnet.

The static route entry is configured on the next-hop router and redistributed in the routing network.

When the internal global address matches the local interface, NAT installs an IP alias and an ARP entry, in which case the router performs proxy ARP for these addresses. If this behavior is not wanted, use the no-alias keyword.


When a NAT pool is configured, the add-route option can be used for automatic route injection.

How many concurrent NAT sessions are supported with Cisco IOS?


The NAT session limit is bounded by the amount of DRAM available on the router. Each NAT translation consumes approximately 312 bytes of DRAM, so 10,000 translations (more than a single router usually handles) consume around 3 MB. As a result, conventional routing hardware has enough memory to support thousands of NAT translations.
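
The translation table, the per-host cap described in the rate-limiting answer, and the 312-byte memory figure above can be modelled in a few lines. This is an added example, not Cisco IOS code and not from the original post; the PatRouter class, the addresses (private and documentation ranges) and the cap of 100 entries are constructed for illustration.

```python
from collections import Counter

BYTES_PER_TRANSLATION = 312  # approximate DRAM per entry, figure quoted above


class PatRouter:
    """Simplified many-to-one NAT table with a per-host entry cap.
    Entry timeouts and port exhaustion are not modelled."""

    def __init__(self, global_ip, max_per_host, first_port=1024):
        self.global_ip = global_ip
        self.max_per_host = max_per_host
        self.next_port = first_port
        self.out = {}    # (proto, inside_ip, inside_port) -> global port
        self.back = {}   # (proto, global_port) -> (inside_ip, inside_port)
        self.per_host = Counter()   # live entries per inside host
        self.refused = Counter()    # flows denied by the cap, per inside host

    def outbound(self, proto, src_ip, src_port):
        """Translate an inside flow; return (global_ip, port) or None if capped."""
        key = (proto, src_ip, src_port)
        if key not in self.out:
            if self.per_host[src_ip] >= self.max_per_host:
                self.refused[src_ip] += 1
                return None
            self.out[key] = self.next_port
            self.back[(proto, self.next_port)] = (src_ip, src_port)
            self.per_host[src_ip] += 1
            self.next_port += 1
        return (self.global_ip, self.out[key])

    def inbound(self, proto, dst_port):
        """Reverse-translate a reply; unsolicited packets match no entry."""
        return self.back.get((proto, dst_port))

    def table_bytes(self):
        return len(self.out) * BYTES_PER_TRANSLATION


def simulate():
    """Constructed traffic: one normal host and one host opening 5,000 flows."""
    r = PatRouter("203.0.113.1", max_per_host=100)
    web = r.outbound("tcp", "10.0.0.5", 51000)
    for port in range(10000, 15000):             # worm-like burst from one host
        r.outbound("tcp", "10.0.0.66", port)
    late = r.outbound("tcp", "10.0.0.5", 51001)  # normal host is still served
    return r, web, late
```

The refused counter is the value worth alerting on: a single inside host repeatedly hitting its cap is the pattern the rate-limiting answer describes.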

Thanks
