NAT on the Router

Network Address Translation (NAT) rewrites the private IP addresses used inside a local network into one or more public addresses as traffic crosses the router toward the internet, and rewrites them back on the return path. Routers perform NAT primarily to conserve public IPv4 addresses; the fact that internal addressing is not visible from outside is a side effect of the translation, not a substitute for a firewall.

RFC 1631 introduced NAT in 1994 as a short-term answer to IPv4 address depletion: a router at the border of a private ("stub") domain maps addresses from one address space into another so that hosts on either side see ordinary routed traffic. RFC 3022 (Traditional NAT) later formalized the two variants in use today: Basic NAT, which translates addresses only, and Network Address Port Translation (NAPT), which also translates TCP/UDP ports so that many private hosts can share a single public address.

Key Functions

  • Address Conservation: NAT lets many devices share a single public IPv4 address (NAPT in RFC 3022 terms), which matters because the public IPv4 space is exhausted and most sites receive only a small block, or a single address, per upstream.
  • Limited Exposure, Not Security: NAT is not a firewall. A router doing NAPT only forwards an inbound packet for which a translation entry exists, so unsolicited connections to inside hosts are dropped for lack of state rather than by policy. Static mappings, port forwarding, UPnP or NAT-PMP, and application-layer gateways all open paths through that, and the translation table says nothing about the content of the traffic. An access list or a stateful firewall on the outside interface is still required.
  • Session Maintenance: A router performing NAT keeps a translation table and checks every packet against it. Port Address Translation (PAT), Cisco's term for NAPT, also called NAT overload in IOS, maps many inside hosts to one public IP by giving each session its own public source port and using the (address, port, protocol) tuple to tell sessions apart. Entries age out per protocol, which is what the translation timeouts in the configuration below control.

Types of NAT

  • Static NAT: A fixed one-to-one mapping between a private and a public address. Because the entry never expires, it is the form used to publish an inside server to the internet, and it is also the form that exposes that host to unsolicited inbound traffic.
  • Dynamic NAT: Many-to-many mapping in which each inside host that starts a session borrows a public address from a configured pool until its entries time out. Once the pool is exhausted, further hosts cannot be translated until an address is released.
  • PAT (NAT Overload): Many-to-one mapping that translates both address and port (RFC 3022's NAPT). One public address can carry on the order of 64,000 concurrent sessions per transport protocol, so port exhaustion, not address exhaustion, becomes the limit.
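To make the table-driven behaviour described above concrete, here is a small simulator of a PAT/NAPT translation table. It is an added example written for this page, not code from the original article or from any router vendor. It assumes constructed addresses (172.16.10.0/24 inside, 203.0.113.5 as the single public address) and the page's 120-second TCP and 60-second UDP idle timeouts, and it shows three things the list above describes: two inside hosts using the same source port are given distinct public ports, an inbound packet with no matching entry is dropped, and a static entry accepts inbound traffic at any time.

```python
"""PAT / NAPT translation-table simulator (added example; all data constructed)."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Entry:
    inside: Tuple[str, int]   # (private IP, private port) behind the router
    last_seen: float          # time of the last packet in either direction
    static: bool = False      # static entries never expire and accept inbound


class Napt:
    """Many inside (ip, port) pairs multiplexed onto one public IP by port."""

    def __init__(self, public_ip: str, tcp_timeout: float = 120.0,
                 udp_timeout: float = 60.0) -> None:
        self.public_ip = public_ip
        self.timeouts = {"tcp": tcp_timeout, "udp": udp_timeout}
        # (proto, public port) -> Entry; this is the router's translation table
        self.table: Dict[Tuple[str, int], Entry] = {}
        # (proto, inside ip, inside port) -> public port, for the outbound lookup
        self.by_inside: Dict[Tuple[str, str, int], int] = {}

    def add_static(self, proto: str, inside_ip: str, inside_port: int,
                   public_port: int) -> None:
        """Static one-to-one mapping (port forward): reachable unsolicited."""
        if (proto, public_port) in self.table:
            raise ValueError(f"{proto}/{public_port} already mapped")
        self.table[(proto, public_port)] = Entry((inside_ip, inside_port), 0.0, True)
        self.by_inside[(proto, inside_ip, inside_port)] = public_port

    def _alloc_port(self, proto: str, wanted: int) -> int:
        # Keep the original source port when it is free (many routers do);
        # otherwise take the lowest free high port. About 64k ports per
        # protocol per public address is the ceiling on concurrent sessions.
        if wanted >= 1024 and (proto, wanted) not in self.table:
            return wanted
        for port in range(1024, 65536):
            if (proto, port) not in self.table:
                return port
        raise RuntimeError(f"port exhaustion on {self.public_ip}/{proto}")

    def expire(self, now: float) -> int:
        """Remove dynamic entries idle longer than their protocol timeout."""
        stale = [key for key, e in self.table.items()
                 if not e.static and now - e.last_seen > self.timeouts[key[0]]]
        for proto, pub_port in stale:
            e = self.table.pop((proto, pub_port))
            self.by_inside.pop((proto, e.inside[0], e.inside[1]), None)
        return len(stale)

    def outbound(self, proto: str, src_ip: str, src_port: int,
                 now: float) -> Tuple[str, int]:
        """Inside -> outside packet: reuse or create an entry, return the new source."""
        self.expire(now)
        key = (proto, src_ip, src_port)
        if key not in self.by_inside:
            pub_port = self._alloc_port(proto, src_port)
            self.table[(proto, pub_port)] = Entry((src_ip, src_port), now)
            self.by_inside[key] = pub_port
        pub_port = self.by_inside[key]
        self.table[(proto, pub_port)].last_seen = now
        return self.public_ip, pub_port

    def inbound(self, proto: str, dst_port: int,
                now: float) -> Optional[Tuple[str, int]]:
        """Outside -> inside packet: the private destination, or None to drop."""
        self.expire(now)
        entry = self.table.get((proto, dst_port))
        if entry is None:
            return None          # no state for this port: nowhere to deliver it
        if not entry.static:
            entry.last_seen = now
        return entry.inside


if __name__ == "__main__":
    nat = Napt("203.0.113.5")
    print(nat.outbound("tcp", "172.16.10.2", 40000, 0.0))    # ('203.0.113.5', 40000)
    print(nat.outbound("tcp", "172.16.10.3", 40000, 1.0))    # ('203.0.113.5', 1024)
    print(nat.inbound("tcp", 40000, 2.0))                    # ('172.16.10.2', 40000)
    print(nat.inbound("tcp", 12345, 2.0))                    # None: unsolicited
    print(nat.inbound("tcp", 40000, 200.0))                  # None: idle > 120 s
```

The inbound path is the whole "security" story of NAT in one line: a packet is delivered only if a mapping exists, and a mapping exists only because an inside host created it or an administrator configured it statically. Real routers differ in how they pick public ports and whether they key the table on the remote endpoint as well (endpoint-dependent mapping), but the drop-on-no-state rule is the same.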

NAT Configurations

The following is the NAT-related portion of a Cisco IOS configuration: two inside interfaces toward the core switches and two outside interfaces, one per ISP, each with its own overload pool.

1. Inside INT-Core1

interface TenGigabitEthernet0/0/0
description NDNA-ITN-077-Core 1
ip address 172.16.0.19 255.255.255.254
no ip redirects
no ip unreachables
ip nat inside

2. Inside INT-Core2

interface TenGigabitEthernet0/0/2
description NDNA-ITN-078-Core 2
ip address 172.16.1.19 255.255.255.254
no ip redirects
no ip unreachables
ip nat inside

3. ATT on Gi0/0/0

interface GigabitEthernet0/0/0
description ATT_External
ip address 115.19.171.194 255.255.255.224
no ip redirects
no ip unreachables
ip nat outside
ip nbar protocol-discovery

4. BELL on Gi0/0/1

interface GigabitEthernet0/0/1
description BELL_External
ip address 124.11.101.97 255.255.255.224
no ip redirects
no ip unreachable
ip nat outside
ip nbar protocol-discovery

5. IP NAT Translation Timeouts - Inside Core

Values are in seconds. The IOS default for the TCP timeout is 86400, so tcp-timeout 120 here tears down any TCP session that is idle for two minutes; raise it if long-lived idle sessions such as SSH or database connections must survive across the NAT.

ip nat translation timeout 120
ip nat translation tcp-timeout 120
ip nat translation udp-timeout 60
ip nat translation finrst-timeout 45
ip nat translation syn-timeout 45
ip nat translation dns-timeout 45
ip nat translation icmp-timeout 45

6. IP NAT Pools - Inside Core

Each pool must lie within the subnet of the outside interface it is used on and must exclude that subnet's network, broadcast and interface addresses. Gi0/0/0 sits in 115.19.171.192/27, so the NDNA-1 pool can extend no further than 115.19.171.222; Gi0/0/1 is also a /27, so NDNA-2 must use prefix-length 27.

ip nat pool NDNA-1 115.19.171.195 115.19.171.222 netmask 255.255.255.224
ip nat pool NDNA-2 124.11.101.98 124.11.101.110 prefix-length 27
! Access lists 1 and 11 (not shown on this page) select which inside source
! addresses are translated into each pool; overload enables PAT.
ip nat inside source list 1 pool NDNA-1 overload
ip nat inside source list 11 pool NDNA-2 overload
ip forward-protocol nd
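Pool and interface mismatches of the kind discussed above are easy to miss in a long configuration, so here is a static checker for the pool and source-list lines. It is an added example written for this page, not a Cisco tool or code from the original article. The embedded sample reproduces the page's outside interfaces and pool lines as captured, plus one assumed access-list (the page does not show ACL 1 or ACL 11); the regular expressions and the `check` rules are the example's own and cover only the commands shown here.

```python
"""Static check of IOS 'ip nat pool' / 'ip nat inside source' lines (added example)."""
import ipaddress
import re
from typing import Dict, List, Set, Tuple

# Constructed sample: outside interfaces and pool lines as captured on this
# page, plus one assumed access-list (ACL 1). ACL 11 is deliberately absent.
SAMPLE_CONFIG = """
interface GigabitEthernet0/0/0
 ip address 115.19.171.194 255.255.255.224
 ip nat outside
interface GigabitEthernet0/0/1
 ip address 124.11.101.97 255.255.255.224
 ip nat outside
ip nat pool NDNA-1 115.19.171.195 115.19.171.255 netmask 255.255.255.224
ip nat pool NDNA-2 124.11.101.98 124.11.101.110 prefix-length 24
ip nat inside source list 1 pool NDNA-1 overload
ip nat inside source list 11 pool NDNA-2 overload
access-list 1 permit 172.16.0.0 0.0.255.255
"""

RE_IFACE = re.compile(r"^interface (\S+)")
RE_ADDR = re.compile(r"^\s*ip address (\S+) (\S+)")
RE_POOL = re.compile(r"^ip nat pool (\S+) (\S+) (\S+) (?:netmask (\S+)|prefix-length (\d+))")
RE_SRC = re.compile(r"^ip nat inside source list (\S+) pool (\S+)")
RE_ACL = re.compile(r"^access-list (\S+) ")

Pool = Tuple[ipaddress.IPv4Address, ipaddress.IPv4Address, int]  # start, end, prefix


def parse(config: str):
    """Collect outside interfaces, pools, source-list references and ACL names."""
    addrs: Dict[str, ipaddress.IPv4Interface] = {}
    nat_outside: Set[str] = set()
    pools: Dict[str, Pool] = {}
    refs: List[Tuple[str, str]] = []
    acls: Set[str] = set()
    iface = None
    for line in config.splitlines():
        if not line.strip():
            continue
        if m := RE_IFACE.match(line):
            iface = m.group(1)
        elif (m := RE_ADDR.match(line)) and iface:
            addrs[iface] = ipaddress.IPv4Interface(f"{m.group(1)}/{m.group(2)}")
        elif line.strip() == "ip nat outside" and iface:
            nat_outside.add(iface)
        elif m := RE_POOL.match(line):
            name, start, end, mask, plen = m.groups()
            prefix = int(plen) if plen else ipaddress.IPv4Network(f"0.0.0.0/{mask}").prefixlen
            pools[name] = (ipaddress.IPv4Address(start), ipaddress.IPv4Address(end), prefix)
        elif m := RE_SRC.match(line):
            refs.append((m.group(1), m.group(2)))
        elif m := RE_ACL.match(line):
            acls.add(m.group(1))
    outside = {n: addrs[n] for n in nat_outside if n in addrs}
    return outside, pools, refs, acls


def check(config: str) -> List[str]:
    """Return a list of findings; an empty list means the pools are consistent."""
    outside, pools, refs, acls = parse(config)
    findings: List[str] = []
    for name, (start, end, prefix) in pools.items():
        if end < start:
            findings.append(f"pool {name}: end {end} precedes start {start}")
            continue
        net = ipaddress.IPv4Network(f"{start}/{prefix}", strict=False)
        if end not in net:
            findings.append(f"pool {name}: end {end} lies outside {net} implied by its mask")
        if start == net.network_address or end == net.broadcast_address:
            findings.append(f"pool {name}: range includes the network or broadcast address of {net}")
        homes = [i for i in outside.values() if start in i.network]
        if not homes:
            findings.append(f"pool {name}: {start} is not on any 'ip nat outside' interface subnet")
        for i in homes:
            if i.network.prefixlen != prefix:
                findings.append(f"pool {name}: mask /{prefix} differs from outside interface "
                                f"{i.network} (/{i.network.prefixlen})")
            if start <= i.ip <= end:
                findings.append(f"pool {name}: range contains the interface address {i.ip}")
    for acl, pool in refs:
        if pool not in pools:
            findings.append(f"source list {acl}: pool {pool} is not defined")
        if acl not in acls:
            findings.append(f"source list {acl}: access-list {acl} is referenced but not defined")
    return findings


if __name__ == "__main__":
    for finding in check(SAMPLE_CONFIG):
        print(finding)
```

Run against the captured lines it reports the NDNA-1 end address outside 115.19.171.192/27, the /24 on NDNA-2 disagreeing with the /27 on Gi0/0/1, and the missing access-list 11; with those three corrected it reports nothing. After applying a corrected pool, `show ip nat translations` and `show ip nat statistics` on the router confirm that sessions are actually being allocated from the expected addresses.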

Summary

In summary, NAT on a router translates private addresses to public ones, which keeps IPv4 connectivity scalable and, as a side effect, keeps inside hosts unreachable until they have opened a session. It is not a filtering control and should be paired with an access list or stateful firewall on the outside interface. Administrators choose among static, dynamic and PAT based on whether inside services must be reachable from outside, how many public addresses are available, and how many concurrent sessions each address must carry. NAT remains fundamental in IPv4 networks; deploying IPv6 removes the need for it and restores end-to-end reachability, at which point explicit filtering is the only thing standing between inside hosts and the internet.