NAT

NAT Process in Cisco

Uploaded by Bijay Lama

Contents

- Overview
- Part 1
- RFC1918 and NAT Terms
  - RFC 1918
  - NAT Terms
- NAT Types
  - Static NAT
  - Dynamic NAT
  - Source Address Theory
  - NAT and PAT Theory
- Part 23
- Cheat Sheet

Overview

Part 1

- In this section we discuss network address translation (NAT) and port address translation (PAT).
- Why is NAT required? Why do we use NAT in networks today?
- The difference between NAT and PAT, and the Cisco term "overloading", which means PAT, not plain NAT. A lot of network engineers say NAT when they actually mean PAT, so we need to understand the difference between the two terms. As always, I'd like to demonstrate how to set up NAT using the command line interface.
- The different types of NAT: Static NAT, Dynamic NAT, and PAT (or overloading, as Cisco call it).

(Demonstration on the PC: see the video.)

Network address translation essentially translates a private IP address, which is not routable on the Internet, to a publicly routable IP address. Your public IP address is typically allocated to you by your service provider, which in my case is British Telecom (BT) here in the UK.

In large networks, companies may register their own public IP addresses. Some well-known examples: Hewlett Packard own 15.0.0.0/8 and 16.0.0.0/8, Apple own 17.0.0.0/8, MIT 18.0.0.0/8, and so on.

So, as an example, if you work at HP or Apple, you may not be using a private IP address such as 192.168.1.89; you may actually have a public IP address allocated to your PC. These are globally routable public IP addresses that were registered by some of the largest companies in the world. But IPv4 addresses are running out, so in most small and medium businesses today you will be using a private IP address internally.

RFC1918 and NAT Terms

So why do we need NAT (network address translation)?

- The major reason is IP version 4 address exhaustion. For years there was a worry that IPv4 addresses would run out, and they have essentially run out today. That is why there is a drive to move to IP version 6.
- However, it is more than likely that you are still using an IPv4 address, and in a lot of networks today engineers still need to make the move to IPv6. One of the reasons they have been able to put that off is RFC 1918 private addressing combined with NAT.
RFC 1918

- RFC 1918 was published in February 1996, so it has been around for a long time. It discusses address allocation for private internets. I am not going to bore you by going through the entire document, but notice that section 3 talks about private address space.
- The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP address space for private internets:
  - 10.0.0.0 to 10.255.255.255 (the 10/8 prefix)
  - 172.16.0.0 to 172.31.255.255 (the 172.16/12 prefix)
  - 192.168.0.0 to 192.168.255.255 (the 192.168/16 prefix)

- In my example here I am using the 192.168.1.89 address internally. What are you using on your PC? More than likely, if you are at home, one of these private IPv4 addresses.
- In companies such as Apple or HP, as mentioned, you may be using a public IP address.

- RFC 1918 was written to conserve IP addresses. The idea is that rather than allocating public IP addresses to every device on the Internet, devices within companies could be allocated addresses from the RFC 1918 ranges above and be NATted (translated) when they need to access the Internet.
- With port address translation (PAT) the idea is that you are overloading an IP address, hence the term Cisco uses. One public IP address could be used by 500 internal devices.
- RFC 1918 addresses are not routable on the Internet. In other words, Internet service providers drop traffic going to or coming from these address ranges.
- That assumes they have configured their routers correctly; they should have access lists filtering those addresses so that they are not routable on the Internet.

RFC 1918 addresses are used internally within organizations, hence the terms private addresses (used within private networks) and public addresses (used on the global or public Internet).

- Technically there is nothing stopping private IP addresses from being routed across the Internet. The reason they are non-routable is that ISPs filter traffic to or from those address ranges.
- So the issue is: if private IP addresses are non-routable, how do we get on to the Internet? That is where network address translation comes in.
- NAT allows us to translate a private IP address to a public IP address. Your Internet service provider (ISP) will allocate you an IP address or a range of IP addresses.
- A router or another type of device will translate your internal private IP addresses to that globally routable public IP address.
- Now, the terminology that Cisco use can be confusing, and it is something people often struggle with.
- Cisco use the terms Inside Local address, Inside Global address, Outside Local address and Outside Global address.
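The RFC 1918 check and the ISP edge filter described above, as an added example in Python (not code from the notes or from the course): `is_rfc1918` tests an address against the three blocks explicitly, and `edge_filter` models the access list an ISP should apply at its edge, dropping anything sourced from or destined to private space. The packet list is constructed for illustration. One caveat worth knowing: the `is_private` property of Python's `ipaddress` module covers more than RFC 1918 (loopback, link-local, 0.0.0.0/8 and other reserved space), so it is the wrong test when the question is specifically "is this RFC 1918".

```python
"""RFC 1918 classification and a simple edge filter (added example, not from the notes).

The three private blocks are spelled out rather than relying on
ipaddress.ip_address(...).is_private, which also returns True for loopback,
link-local, 0.0.0.0/8 and other reserved space that is not RFC 1918.
Packets are constructed (src, dst) pairs for illustration.
"""
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip: str) -> bool:
    """True if ip falls in one of the three RFC 1918 blocks (IPv4 only)."""
    addr = ipaddress.ip_address(ip)
    return addr.version == 4 and any(addr in net for net in RFC1918)


def edge_filter(packets):
    """Model the ISP edge access list the notes describe: drop any packet whose
    source or destination is private, forward the rest. Returns (forwarded, dropped)."""
    forwarded, dropped = [], []
    for src, dst in packets:
        bucket = dropped if (is_rfc1918(src) or is_rfc1918(dst)) else forwarded
        bucket.append((src, dst))
    return forwarded, dropped


SAMPLE = [  # constructed traffic as it might be seen on an ISP-facing link
    ("1.1.1.2", "2.2.2.2"),         # translated inside host -> Internet server: forwarded
    ("10.1.1.1", "2.2.2.2"),        # leaked untranslated private source: dropped
    ("2.2.2.2", "192.168.1.89"),    # reply aimed at a private address: dropped
    ("172.32.0.1", "2.2.2.2"),      # just outside 172.16/12, so public: forwarded
    ("172.31.255.255", "2.2.2.2"),  # last address inside 172.16/12: dropped
]

if __name__ == "__main__":
    fwd, drop = edge_filter(SAMPLE)
    print("forwarded:", fwd)
    print("dropped:", drop)
```

The 172.32.0.1 and 172.31.255.255 samples are there on purpose: the 172.16/12 block is the one people get wrong, because its boundary is not on an octet.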

NAT Terms:
The terms used in network address translation can be very confusing. This is probably one of the hardest things to understand about NAT.

Cisco use the terms

- Inside Local address,
- Inside Global address,
- Outside Local address and
- Outside Global address.

To help you remember these terms, think of the following analogy.

The PC in this topology, PC1, is an insider in your organization.

- Insiders in your organization are people who work for your company or who have access to the inside network (the local area network).
- So this PC is an inside host, or insider.

The server, on the other hand, is an outsider. It does not belong to your organization.

- It is on the global Internet. It is an outside host.

The network the PC is connected to is the local area network (the local LAN or local network).

- If you ran Wireshark on that network and captured packets, the addresses you saw would be local addresses, because they are on the local LAN.

The Internet, on the other hand, is global.

- Think of addresses on the Internet as global addresses, because they are on the global Internet.

So, in other words, think of the addresses as follows.

- Inside local is the IP address of the inside host (PC1) on the local LAN.
- Inside global is the IP address of that same PC, PC1, as seen on the global Internet.
- If you sniffed traffic on the local LAN you would see the inside local address of the PC.
- If you sniffed traffic with Wireshark on the Internet you would see the inside global address of the PC.
- Outside local is the IP address of the outside server as seen on the local area network.
- Outside global is the IP address of the server on the global Internet.

In summary: PC1 is an inside host, so it has an inside local address and an inside global address.

- The inside host's IP address on the local area network is its inside local address.
- The inside host's IP address as seen on the global Internet is its inside global address. Inside host on the local network, inside host on the global Internet.
- The outside server's IP address as seen on the global Internet is the outside global address,
- and as seen on the local area network it is the outside local address.

I hope that helps you remember the terms.

Part 5 (theory) is left out of these notes.

NAT Types

For the CCNA course you need to know three types of NAT:
1. Static NAT
2. Dynamic NAT
3. PAT

Static NAT

Static NAT maps one private IPv4 address to one public IPv4 address.
- This is a one-to-one mapping.
It is very useful when a device must be reachable from outside the network, for example a web server in your internal network that needs to be accessible from devices on the Internet.
So this type of NAT is often used for servers that require a fixed public IP address.

Dynamic NAT

Dynamic NAT maps a private IPv4 address to a public IPv4 address taken from a group, or pool, of public IPv4 addresses.
One example where this could be used is when two companies merge and they are using the same IP address space.
Say both companies use 10.1.1.0/24 and devices in the two companies need to talk to each other. Rather than renumbering your addresses, you can use dynamic NAT to allow those devices to talk to each other. This is not very efficient and should only be used when absolutely necessary.
PAT

Port address translation (PAT) maps multiple private IP addresses to a single public IP address. In other words, you are taking many IP addresses and mapping them to one public IP address.
- Think of your network at home: you may have multiple PCs, iPhones, iPads or other devices that all need to access the Internet.
- Your ISP, however, will typically give you only one IP address for your home network. So you may have three, four or more devices, let's say 10 IP devices, using one public IP address.
- Those 10 devices (or however many you have at home) use private IP addresses, and those addresses are NATted to the public IP address on your router.
PAT uses port numbers to differentiate between the different translations, hence the term port address translation.
PAT is also known as NAT overloading: we are overloading a single public IP address with multiple private IP addresses. It is a type of dynamic NAT and is the most common type of NAT in use today; you will typically find it all over the place, in businesses as well as in your home network.

Part 7 (demonstration of NAT) is skipped for now. Static NAT lab demo.
- With static NAT there is a permanent mapping between the internal IP address and a specified public IP address.
- With dynamic NAT, individual private addresses are mapped to individual public addresses from a pool of addresses.

So, as an example, if you had 10 IP addresses in your pool, the first host that sends traffic gets to use the first IP address in the pool, the second host uses the second IP address, and so on. You are not explicitly mapping a public IP address to an internal server's IP address.

So when you set up dynamic NAT you configure a pool of addresses. You also configure the inside and outside interfaces, but you do not create a static mapping to a single IP address.
You create a pool of addresses that can be used by internal hosts.

Dynamic NAT

So, in dynamic NAT, once again, you are creating a pool of inside global addresses.
The reason it is called dynamic rather than static is that the router dynamically allocates IP addresses from the pool on an as-needed basis.
- The mapping is removed once communication ends. There is no permanent one-to-one mapping that is always there, as you have with static NAT.
With dynamic NAT, translations are automatically created when they are needed and torn down (removed) when they are not.

Dynamic NAT and PAT demo

Parts 14 to 20 are skipped for now.

Source Address Theory

What are we doing in this example? Source address translation.
We are not going to do destination address translation, as source address translation is the most common implementation of NAT and that is what you need to know for the CCNA certification.
With source address translation you are typically NATting devices on your internal network that use RFC 1918 addresses.

- For those devices to reach devices on the Internet, their addresses need to be translated (changed) from an RFC 1918 address to a publicly routable address.
- In this example the router has an IP address of 1.1.1.1 and we are going to NAT host 10.1.1.1 to the IP address 1.1.1.2. So in this example we are not NATting the PC's IP address to the router's own IP address; I'll show you that example in a moment.
- Here we are NATting one internal (private) IP address to a dedicated public IP address (1.1.1.2).
- We also have a server on the Internet with an IP address of 2.2.2.2.

The router populates its NAT table as follows:
- Inside local address is 10.1.1.1
- Inside global address is 1.1.1.2
- Outside local and outside global are both 2.2.2.2
- We are not NATting the outside address, only the inside address.

If you sniff the local area network connection between the PC and the router with Wireshark (I'll demonstrate that in a moment), what you see is:
- The source address of the packet is 10.1.1.1. That is the physical IP address of the host.
- The destination address is 2.2.2.2. In other words, the PC has initiated a session to the server, and if you capture traffic on the local network the source address is the PC's actual IP address (10.1.1.1) and the destination address is the server's IP address (2.2.2.2).

However, when the traffic hits the router, the router looks in the NAT table, because it is receiving the traffic on an interface you configured as inside and the traffic is destined out an interface you configured as outside. Because of that configuration the router checks the NAT table to see whether addresses should be NATted.
- In this case the source IP address matches an entry in the table, so the source IP address is changed to 1.1.1.2. The destination address is not changed; it remains 2.2.2.2.
- The router changes the source address and then forwards the traffic to the Internet.

The source address matches the inside local entry 10.1.1.1 and the destination address matches the outside global entry 2.2.2.2, so the router changes the source IP address to 1.1.1.2 as per the inside global entry in the NAT table.
- In this example the outside local and outside global addresses are the same, so the router does not change the destination address in the packet.
- If you sniffed the traffic with Wireshark on the link from the router to the Internet, you would see that the source address is now 1.1.1.2 rather than the 10.1.1.1 it was set to on the inside network.

When the traffic arrives at the server, the server believes it is talking to a host with IP address 1.1.1.2. The server never sees that the actual source IP address was 10.1.1.1.
- When the server replies, the source and destination addresses are swapped around.
- So the source address is now 2.2.2.2 and the destination address is now 1.1.1.2. The packet is routed across the Internet and arrives at the NAT router.

When the router receives the reply, it sees that the traffic is destined to the NAT address 1.1.1.2. The router checks its NAT table for a matching entry, and in this case it finds one.
- The inside global address 1.1.1.2 matches the destination address.
- So the router translates the destination address 1.1.1.2 back to 10.1.1.1 before forwarding the traffic on to the local network.
- The source address 2.2.2.2 is not changed, because the outside local and outside global entries in the NAT table are the same.

- So once again, if you sniffed the traffic between the router and the PC, you would see that the destination address is 10.1.1.1 and the source address is 2.2.2.2, because the router has changed the destination IP address based on the inside local entry.

That is essentially how NAT works. This is a simple one-to-one mapping with basic NAT.

NAT and PAT Theory

Now suppose there are multiple hosts on the inside network.
Let's say we have PC1 and PC2. PC1 has IP address 10.1.1.1 and PC2 has IP address 10.1.1.2.
- If we were using one-to-one NAT rather than port address translation (PAT), we would need to create a NAT entry for each host.
  - Host 1, as an example, would be NATted to 1.1.1.2, and
  - Host 2 (PC2) would be NATted to 1.1.1.3.
The NAT entries would look as follows:
- 10.1.1.1 is NATted to 1.1.1.2,
- 10.1.1.2 is NATted to 1.1.1.3 as its inside global address,
- outside local and outside global in this example are the same (2.2.2.2).
1. So the inside local address is the actual IP address of the host (10.1.1.1, 10.1.1.2).
2. The inside global address is the NATted global address as seen on the Internet (1.1.1.2, 1.1.1.3).
3. The outside local and outside global addresses in this example remain the same (2.2.2.2) because we are not NATting the destination IP address; only the source IP address is NATted.

The problem with pure one-to-one network address translation, as shown in this example, is that you need a public IP address for every internal host that uses a private RFC 1918 address. That rather defeats the whole purpose of network address translation, where we want to conserve IP addresses.
In the real world we tend to use PAT (port address translation), which Cisco also call NAT overloading.
- PAT allows multiple inside host addresses, such as 10.1.1.1 and 10.1.1.2, to be NATted to the same public IP address.
- So in this example both PCs are NATted to the same inside global address. It is not a one-to-one mapping.
- Two private IP addresses are NATted to a single public IP address. In addition, in this example 1.1.1.1 is the router's own configured IP address. That raises another issue.
- How does the router differentiate traffic destined to itself from traffic destined to PC1 and traffic destined to PC2?
- When PC1 sends traffic to the server on the Internet and the traffic is returned, how does the router know that the traffic belongs to PC1 rather than PC2, if both are using the same IP address? In other words, how does the router differentiate between different sessions or flows when multiple inside hosts are talking to the same server on the Internet?
- That is where port address translation comes in.
- Multiple hosts are sharing the same IP address, so the way to make the entries unique is to combine the IP address with a port number to differentiate between the sessions or host devices.
- That is where the term port address translation comes from.
- The way to get a unique entry in the inside global column of the table is to combine a port and an IP address. The combination of port and IP address is a unique value that lets the router tell the entries apart.
- So in this example both PC1 and PC2 share 1.1.1.1 as their inside global address.
- When host 1 initiates a session to the server, it chooses a random (ephemeral) source port number that uniquely identifies the session on the local PC.
- When the traffic hits the router, the router uses that source port number in the NAT table entry. The PC chose 1024, so that is the port in the inside global entry.
- If PC2 initiates a session to the server and, for argument's sake, chooses 1025 as its source port number, that is the port used on the router to uniquely identify the session.
- So when traffic is sent from these PCs to the server and returned from the server to the router, the router can differentiate traffic destined to 10.1.1.1 from traffic destined to 10.1.1.2 because of the unique IP address and port number combination.
- What happens if both PCs, for whatever reason, randomly choose the same source port number? Let's assume both choose 1024.
- All the router does is change the port in the inside global entry to keep the entry unique.
- So 10.1.1.2 with source port 1024 is translated to 1.1.1.1 with another port number, say 1025, to keep the values in the table unique.
- When the server sends traffic to the router destined to 1.1.1.1 port 1025, the router simply changes the destination to 10.1.1.2 port 1024.
- So if you sniffed the traffic on the local area network connection, you would see traffic with source address 10.1.1.1 port 1024 going to the server at 2.2.2.2 port 80.
- You would also see traffic from PC2, IP address 10.1.1.2 port 1024, going to the same server 2.2.2.2 port 80. When that traffic hits the router, however, the router changes those values.
- The traffic is NATted by the router before it is seen on the Internet: the router changes the source addresses. If you sniffed the traffic on the Internet interface, you would see traffic from PC1 now with source IP address 1.1.1.1 port 1024; the destination address remains the same, because we are not changing the outside global and outside local addresses.
- You would also see traffic from PC2 with the source address now 1.1.1.1 port 1025 on this interface, with the destination set to the server (2.2.2.2). So the router has NATted the IP address and in this case also changed the port number to keep the values unique.
- The server in this example believes it has two sessions from the same host, 1.1.1.1, when in actual fact they are two separate PCs. The server is unaware of that, as it only sees the NATted IP address.
- When the server returns traffic to the router, it sends one flow to destination 1.1.1.1 port 1024 with source 2.2.2.2 port 80, and another to destination 1.1.1.1 port 1025 with source 2.2.2.2 port 80.
- The server, once again, believes it is talking to the same host over different sessions: same IP address, different port numbers.
Part 23

The router NATs that ingress traffic based on the inside global entries in its table.
- Traffic destined to 1.1.1.1 port 1024 is changed to 10.1.1.1 port 1024 and forwarded on to the local segment.
- Traffic destined to 1.1.1.1 port 1025 is translated to 10.1.1.2 port 1024 and forwarded on to the local segment.
The PCs as well as the server are unaware that their traffic has been NATted. They are essentially oblivious to the changes the router has made to the IP addresses and port numbers. Traffic is routed correctly, the PCs are unaware of what is going on, and that is essentially how NAT overloading, or port address translation (PAT), works.
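To make the translation tables in the NAT Types, Source Address Theory and NAT and PAT Theory sections concrete, here is an added Python model (not code from the notes, the course or Cisco IOS). `NatRouter` keeps a table of entries carrying the four Cisco address roles plus the PAT port pair, and translates packets in both directions: static one-to-one entries, dynamic entries allocated from a pool and released when the session ends, and PAT entries keyed by port, including the case where two inside hosts pick the same source port. The addresses and ports follow the example above (10.1.1.1 and 10.1.1.2 behind 1.1.1.1 talking to 2.2.2.2 port 80). The rule "reuse the host's port if free, otherwise the next free one" is an assumption for illustration; IOS uses its own port allocation scheme.

```python
"""Toy model of Cisco-style source-address NAT: static, dynamic pool and PAT.

Added example, not code from the notes or from Cisco IOS. Each table entry
records the four addresses the notes define (inside local, inside global,
outside local, outside global) plus, for PAT, the port pair. Packets are
(src_ip, src_port, dst_ip, dst_port) tuples. The port-collision rule (reuse the
host's port if free, else the next free one) is an assumption for illustration.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

Packet = Tuple[str, int, str, int]


@dataclass
class Entry:
    inside_local: str
    inside_global: str
    outside_local: str
    outside_global: str
    local_port: Optional[int] = None   # port chosen by the inside host (PAT only)
    global_port: Optional[int] = None  # port seen on the Internet (PAT only)


class NatRouter:
    def __init__(self, static=None, pool=None, overload_ip=None):
        self.static = dict(static or {})   # inside local -> inside global, permanent
        self.dynamic = pool is not None    # is dynamic NAT configured?
        self.pool = list(pool or [])       # free inside-global addresses
        self.overload_ip = overload_ip     # the one inside-global address for PAT
        self.table: List[Entry] = []

    def _pick_port(self, wanted: int) -> int:
        # Keep (inside global, port) unique: if another host already took this
        # port, step up to the next free one (the "both choose 1024" case).
        used = {e.global_port for e in self.table if e.inside_global == self.overload_ip}
        while wanted in used:
            wanted += 1
        return wanted

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Packet received on the inside interface and routed to the outside."""
        src, sport, dst, dport = pkt
        entry = next((e for e in self.table
                      if e.inside_local == src and e.outside_global == dst
                      and e.local_port in (None, sport)), None)
        if entry is None:
            if src in self.static:                         # static NAT, one to one
                entry = Entry(src, self.static[src], dst, dst)
            elif self.overload_ip is not None:             # PAT, many to one
                entry = Entry(src, self.overload_ip, dst, dst, sport, self._pick_port(sport))
            elif self.dynamic:                             # dynamic NAT, first free pool address
                if not self.pool:
                    return None                            # pool exhausted: packet dropped
                entry = Entry(src, self.pool.pop(0), dst, dst)
            else:
                return pkt                                 # no NAT rule: forwarded unchanged
            self.table.append(entry)
        out_port = sport if entry.global_port is None else entry.global_port
        return (entry.inside_global, out_port, dst, dport)   # destination untouched

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Packet received on the outside interface, destined to an inside global address."""
        src, sport, dst, dport = pkt
        for e in self.table:
            if e.inside_global == dst and e.global_port in (None, dport):
                in_port = dport if e.local_port is None else e.local_port
                return (src, sport, e.inside_local, in_port)
        for local, glob in self.static.items():     # static entries exist before any traffic
            if glob == dst:
                return (src, sport, local, dport)
        return None                                 # no mapping: unsolicited traffic is dropped

    def release(self, entry: Entry) -> None:
        """Session ended: tear the mapping down; a dynamic address goes back to the pool."""
        self.table.remove(entry)
        if self.dynamic and entry.global_port is None and entry.inside_local not in self.static:
            self.pool.append(entry.inside_global)


def pat_scenario() -> dict:
    """The two-PC example from the notes: both pick source port 1024 towards 2.2.2.2:80."""
    r = NatRouter(overload_ip="1.1.1.1")
    lan = [("10.1.1.1", 1024, "2.2.2.2", 80), ("10.1.1.2", 1024, "2.2.2.2", 80)]
    wan = [r.outbound(p) for p in lan]                     # what a sniffer on the Internet side sees
    replies = [(d, dp, s, sp) for s, sp, d, dp in wan]     # the server swaps source and destination
    back = [r.inbound(p) for p in replies]                 # what each PC receives
    return {"lan": lan, "wan": wan, "replies": replies, "back": back, "table": r.table}


if __name__ == "__main__":
    for name, pkts in pat_scenario().items():
        print(name, pkts)
```

`pat_scenario()` returns the three views the notes describe: the LAN capture with the real 10.1.1.x sources, the Internet-side capture with both sources rewritten to 1.1.1.1 and PC2 moved to port 1025, and the replies mapped back to the right PC and its original port. Constructing a `NatRouter` with `static={"10.1.1.1": "1.1.1.2"}` reproduces the Source Address Theory example, and one with `pool=[...]` shows dynamic NAT dropping traffic once the pool is exhausted until `release()` returns an address. On a real IOS router the equivalent view of this table is `show ip nat translations`.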
Cheat Sheet:


Inside Local = An actual address assigned to an inside host

Inside Global = An inside address seen from the outside

Outside Global = An actual address assigned to an outside host

Outside Local = An outside address seen from the inside


Chris Bryan

Inside Local = Inside local addresses are used by the hosts on the inside network to communicate with other hosts on the same network. These inside local addresses are translated into global addresses.

Inside Global = Inside global addresses are routable addresses.

Outside Global = Outside global addresses are the addresses assigned by NAT on the remote network.

Outside Local = Outside local addresses are the actual addresses of the hosts on the remote network.

Neil Andreson

Inside Local address = The IP address actually configured on the inside host's Operating System

Inside Global address = The NAT'd address of the inside host as it will be reached by the outside
network

Outside local address = The IP address of the outside host as it appears to the inside network.

Outside Global address – The IP address assigned to the host on the outside network by the
host’s owner.
