NAT (Network Address Translation)

Any host which wants to communicate with other hosts over the internet must have a public IP address assigned to it. A public IP address is a globally unique IP address.

But having a public IP address for each and every host in the organization is not possible because the public IP addresses are very limited.

The hosts in the organization will be using private IP addresses. But with private IP addresses alone the hosts cannot communicate over the internet, so NAT (Network Address Translation) allows hosts with private IP addresses to communicate over the internet. This is possible because NAT converts the private IP address to a public IP address.

NAT uses a single public IP address or a range of public IP addresses to translate the private IP addresses that the hosts in the organization are using.


Example:




NAT changes the source IP address of each outgoing IP packet from the private address to the public address. For an incoming packet, the destination IP address is changed from the public IP address to the private IP address.

In the above figure we can see that the router is configured with NAT. Any packet going from PC-1 to www.databytestech.com (a web server on the internet) will have its source IP address changed from 192.168.1.10 to 200.1.20.8 after NAT is performed (in this case when the packet crosses router R1). Here 192.168.1.10 is the private IP address and 200.1.20.8 is the public IP address: when the outgoing IP packet crosses the NAT router, its source IP address is changed from 192.168.1.10 to 200.1.20.8.

For the incoming packet, the destination IP address in the destination field is changed from 200.1.20.8 to 192.168.1.10 when it crosses the NAT router.



STATIC NAT


In static NAT the public IP addresses are statically mapped to the private IP addresses in the company, and the mapping is one-to-one. This means that for each host (private IP address) in the company we need one public IP address for that host to communicate with other hosts on the internet. For example, if the company has 100 private addresses used by 100 hosts, then with static NAT the company needs 100 public addresses, one mapped to each private address.
We can understand static NAT from the example below.
There are 3 hosts, so 3 private addresses, and static NAT is configured. The three private addresses 192.168.1.2, 192.168.1.3 and 192.168.1.4 are statically mapped to the three public addresses 180.1.1.2, 180.1.1.3 and 180.1.1.4. The mappings are one-to-one: 192.168.1.2 is mapped to 180.1.1.2, 192.168.1.3 is mapped to 180.1.1.3 and 192.168.1.4 is mapped to 180.1.1.4.




When an IP packet with the source IP address 192.168.1.2 passes through the NAT router, the source IP address of that packet is changed to 180.1.1.2.





When an IP packet with the source IP address 192.168.1.3 passes through the NAT router, the source IP address of that packet is changed to 180.1.1.3.
When an IP packet with the source IP address 192.168.1.4 passes through the NAT router, the source IP address of that packet is changed to 180.1.1.4.




When an IP packet with the destination IP address 180.1.1.2 passes through the NAT router, the destination IP address of that packet is changed to 192.168.1.2.




When an IP packet with the destination IP address 180.1.1.3 passes through the NAT router, the destination IP address of that packet is changed to 192.168.1.3.
When an IP packet with the destination IP address 180.1.1.4 passes through the NAT router, the destination IP address of that packet is changed to 192.168.1.4.


Dynamic NAT

In a dynamic NAT configuration, the NAT router also creates a one-to-one mapping between an inside local address and an inside global address, but the mapping is created dynamically.

Dynamic NAT defines a pool of available inside global addresses and uses an access control list (ACL) to specify which inside local addresses should be translated.

Refer to the figure below.






Here a pool of three inside global addresses has been defined, 180.1.1.2 through 180.1.1.4.
Using dynamic NAT, the inside local addresses will be translated to addresses from this pool of inside global addresses.

Host 192.168.1.2 sends a packet to the server 200.1.1.1 on the internet. When the packet reaches the NAT router, the router checks whether the source address of the packet matches the ACL. Since it matches the ACL, the source IP address 192.168.1.2 is added to the NAT table as the inside local address.
The NAT router then allocates an IP address from the defined pool of inside global IP addresses. It does so by selecting the first available IP address as the inside global address, and that address is added to the NAT table.

In the above example, 180.1.1.2 is added as inside global address in the NAT table.

The NAT router translates the source IP address to the allocated inside global address and forwards the packet.

As long as the traffic flows the dynamic entry remains in the table.

We can configure a timeout value that defines how long the router should wait without translating any packets for that address before removing the dynamic entry.

The dynamic entries can be cleared manually with the command "clear ip nat translation".

Dynamic NAT allows us to have more inside local addresses than the inside global addresses.

In this scenario, if all the inside global addresses are allocated and a new packet from another host is received by the NAT router, the router discards that packet.

So the host must wait until a NAT entry times out and then resend the packet. The NAT function then allocates an inside global address for that next packet.
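The dynamic NAT behaviour described above (ACL check, first-available allocation from the pool, discard when the pool is exhausted, reverse translation of replies, and entry removal) as a small simulation. This is an added example and not code from the original article; the class and method names are constructed, while the ACL range, the pool 180.1.1.2 through 180.1.1.4 and the server 200.1.1.1 are taken from the text.

```python
# Added example (not from the original article): a small dynamic NAT simulation.
# The ACL range, pool and host addresses are the ones used in the text above;
# the class and method names are constructed for this illustration.
import ipaddress


class DynamicNAT:
    def __init__(self, acl, pool):
        self.acl = ipaddress.ip_network(acl)   # inside local addresses allowed to translate
        self.pool = list(pool)                 # inside global addresses, in allocation order
        self.table = {}                        # inside local -> inside global (dynamic entries)

    def outbound(self, src, dst):
        """Outgoing packet. Returns (new_src, dst), or None if the router discards it."""
        if ipaddress.ip_address(src) not in self.acl:
            return (src, dst)                  # ACL does not match: forwarded untranslated
        if src not in self.table:
            used = set(self.table.values())
            free = [g for g in self.pool if g not in used]
            if not free:
                return None                    # pool exhausted: packet is discarded
            self.table[src] = free[0]          # first available inside global address
        return (self.table[src], dst)

    def inbound(self, src, dst):
        """Incoming packet addressed to an inside global address. None if no entry exists."""
        for local, glob in self.table.items():
            if glob == dst:
                return (src, local)
        return None                            # no translation entry: nothing to deliver to

    def clear(self, local=None):
        """Equivalent of a timeout or "clear ip nat translation": drop one or all entries."""
        if local is None:
            self.table.clear()
        else:
            self.table.pop(local, None)


def demo():
    nat = DynamicNAT("192.168.1.0/24", ["180.1.1.2", "180.1.1.3", "180.1.1.4"])
    hosts = ("192.168.1.2", "192.168.1.3", "192.168.1.4")
    out = [nat.outbound(h, "200.1.1.1") for h in hosts]
    dropped = nat.outbound("192.168.1.5", "200.1.1.1")   # fourth host: pool is exhausted
    reply = nat.inbound("200.1.1.1", "180.1.1.2")         # server reply reaches 192.168.1.2
    nat.clear("192.168.1.2")                              # entry expires or is cleared
    retry = nat.outbound("192.168.1.5", "200.1.1.1")      # now gets the freed address
    return out, dropped, reply, retry
```

Note that an inbound packet for which no entry exists is not delivered to any inside host; this is the side effect that makes a NAT router behave like a basic stateful filter for unsolicited traffic.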


Port Address Translation (PAT) or NAT overload


1) PAT uses an inside global IP address together with a unique port number for that address.

2) The NAT router maintains a NAT table containing dynamic mappings between an inside local IP address and port on one side and the inside global IP address and a unique port number on the other.

3) NAT overload allows us to use 65000 port numbers, since the port number field has 16 bits.
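The PAT table described in points 1) to 3) as a small simulation: several inside hosts share the single inside global address 200.1.20.8 from the first example, each (inside local IP, port) pair is given its own global port, and replies are mapped back through the reverse entry. This is an added example and not code from the original article; the class, method names and the tiny port range are constructed so the exhaustion case can be reached in a few calls.

```python
# Added example (not from the original article): a small PAT / NAT overload
# simulation. The inside global address 200.1.20.8 comes from the text; the
# port range, class and method names are constructed for this illustration.

class PAT:
    def __init__(self, global_ip, first_port=1024, last_port=65535):
        self.global_ip = global_ip
        self.first_port, self.last_port = first_port, last_port
        self.table = {}    # (inside local IP, local port) -> inside global port
        self.reverse = {}  # inside global port -> (inside local IP, local port)

    def _allocate(self, preferred):
        """Keep the host's own source port when it is free, else take the first free one."""
        if preferred not in self.reverse:
            return preferred
        for port in range(self.first_port, self.last_port + 1):
            if port not in self.reverse:
                return port
        return None                          # every port in the range is in use

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Outgoing packet. Returns (src_ip, src_port, dst_ip, dst_port) after PAT, or None."""
        key = (src_ip, src_port)
        if key not in self.table:
            gport = self._allocate(src_port)
            if gport is None:
                return None                  # no unique port left: packet is discarded
            self.table[key] = gport
            self.reverse[gport] = key
        return (self.global_ip, self.table[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Incoming packet. Only packets matching an existing entry are delivered inside."""
        if dst_ip != self.global_ip or dst_port not in self.reverse:
            return None                      # unsolicited inbound traffic has no entry: dropped
        local_ip, local_port = self.reverse[dst_port]
        return (src_ip, src_port, local_ip, local_port)


def demo():
    # Tiny two-port range so the exhaustion case is reachable in a few calls.
    pat = PAT("200.1.20.8", first_port=1024, last_port=1025)
    a = pat.outbound("192.168.1.2", 40000, "200.1.1.1", 80)   # keeps port 40000
    b = pat.outbound("192.168.1.3", 40000, "200.1.1.1", 80)   # 40000 taken -> 1024
    c = pat.outbound("192.168.1.4", 40000, "200.1.1.1", 80)   # -> 1025
    d = pat.outbound("192.168.1.5", 40000, "200.1.1.1", 80)   # range exhausted -> None
    reply = pat.inbound("200.1.1.1", 80, "200.1.20.8", 1024)  # reply goes back to 192.168.1.3
    stray = pat.inbound("200.1.1.1", 80, "200.1.20.8", 2000)  # no entry -> dropped
    return a, b, c, d, reply, stray
```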