NAT Overloading akka PAT inside global addresses

Today I am going to talk about the use of the NAT Overloading or so called PAT of inside global addresses. This is one of the interesting topic and many of you already asked how to use it. I knew most of you already gone through it but as some candidates asked for it so I am going to provide some of the insights on it.

So let's talk about the purpose of using NAT overload inside the Global addresses


What will be the purpose of using the NAT overloading for the inside Global addresses ?
Well, You can conserve addresses in the inside global address pool by allowing a device to use one global address for many local addresses and this type of Network Address Translation (NAT) configuration is called overloading. 

When overloading is configured, the device maintains enough information from higher-level protocols (for example, TCP or UDP port numbers) to translate the global address back to the correct local address. When multiple local addresses map to one global address, the TCP or UDP port numbers of each inside host distinguish between local addresses. 

The above mentioned diagram shows how a NAT operation is going on when an inside global address represents multiple inside local addresses. The TCP port numbers act as differentiators.

The device performs the following process in the overloading of inside global addresses, as shown in the figure above. Both Host B and Host C believe that they are communicating with a single host at address 203.0.113.2. Where as, they are actually communicating with different hosts; the port number is the differentiator. In fact, many inside hosts can share the inside global IP address by using many port numbers.


Fig 1.1- PAT inside Global Addresses
  • The user at host 10.1.1.1 opens a connection to Host B. 
  • The first packet that the device receives from host 10.1.1.1 causes the device to check its NAT table. Based on your NAT configuration the following scenarios are possible:
    • If no translation entry exists, the device determines that IP address 10.1.1.1 must be translated, and translates inside local address 10.1.1.1 to a legal global address.
    • If overloading is enabled and another translation is active, the device reuses the global address from that translation and saves enough information that can be used to translate the global address back, as an entry in the NAT table. This type of translation entry is called an extended entry.
  • The device replaces inside local source address 10.1.1.1 with the selected global address and forwards the packet. 
  • Host B receives the packet and responds to host 10.1.1.1 by using the inside global IP address 203.0.113.2. 
  • When the device receives the packet with the inside global IP address, it performs a NAT table lookup by using a protocol, the inside global address and port, and the outside address and port as keys; translates the address to the inside local address 10.1.1.1 and forwards the packet to host 10.1.1.1. 

Host 10.1.1.1 receives the packet and continues the conversation. The device performs Steps 2 to 5 for each packet it receives.