NAT (Network Address Translation)

NAT stands for Network Address Translation (network address translation software).

NAT is an acronym for Network Address Translation (Network Address Translation Software) (correct)

Concept of NAT:

NAT (Network Address Translation) was introduced in 1994. The NAT method is used when hosts inside a private network have already been assigned local IP addresses (i.e., dedicated addresses for use only within this private network), but want to communicate with hosts on the Internet (which does not require encryption).

How it works. With NAT, when an “internal” network with a private (reserved) address sends packets through a router, the private address is converted to a legitimate IP address, so that a LAN needs only a few IP addresses (or even one) for all computers on the privately-addressed network to communicate with the Internet.

NAT automatically modifies the source and destination IP addresses of IP packets, and the IP checksum is recalculated automatically during NAT processing. Some applications embed the source IP address in the data portion of the IP packet, so the data portion must be modified at the same time to match the source IP address that has been rewritten in the IP header. Otherwise, applications that embed IP addresses in the data portion of the packet will not work properly.

NAT address translation is a WAN access technology


NAT is a wide area network (WAN) access technology: an IP address translation technique that converts private (reserved) addresses into legal public IP addresses. It is widely used across all kinds of Internet access methods and networks.

The main value of NAT address translation lies in improving network security and relieving the shortage of IPv4 addresses.

Solving the IPv4 address shortage problem

This is mainly solved by dynamic NAT and PAT. PAT lets hundreds of thousands of intranet users reach the extranet with the help of a single legitimate public IP address (without PAT, the more than 4 billion IPv4 addresses would not be enough to give every person on Earth one usable IPv4 address, let alone cope with the current situation).



Address translation maps the addresses of important or core servers that are exposed on the public network, so that the mapped proxy address is the one that faces any attack. This is equivalent to a layer of camouflage for the protected address, and it is an important means of protecting and hiding the addresses of important servers and core devices from easy network attacks.


NAT can control intranet hosts' access to the extranet as well as extranet hosts' access to the intranet, which solves the problem of the intranet and extranet not being able to interoperate.

Static NAT

Working Mechanism

With static NAT, the IP address of each internal host is statically bound one-to-one to a public IP address, and each public IP address can only be used for translation by one fixed intranet host. Static NAT translates only the IP address and does not involve the port number.

What is the main function of NAT?

Specifically as follows:

NAT, in full "Network Address Translation", is a technology that translates internal private network addresses (IP addresses) into legitimate network IP addresses.

With NAT, internal addresses are used inside the LAN, and when an internal node wants to communicate with the external network, its internal address is replaced with a public address at the gateway so that it can be used normally on the external public network (the Internet). The internal network is thereby shielded, and all the computers in the internal network are invisible to the public network.

Knowledge Expansion:

Types and Functions of NAT:

There are three types of NAT: Static NAT, Dynamic Address NAT (Pooled NAT), and Network Address Port Translation, NAPT (Port-Level NAT).

Static NAT is the simplest to set up and the easiest to implement, where each host on the internal network is permanently mapped to a legal address on the external network.

Dynamic address NAT, on the other hand, defines a set of legal addresses on the external network that are dynamically assigned and mapped to the internal network. NAPT maps internal addresses to different ports of an IP address on the external network. Each of the three NAT schemes has advantages and disadvantages, depending on the needs.

Dynamic address NAT simply translates IP addresses, assigning a temporary external IP address to each internal IP address, and is mainly used for dial-up, but can also be used for frequent remote connections. When a remote user connects, dynamic address NAT assigns him an IP address, which is released for later use when the user disconnects. The following is an example of a dynamic NAT.

What Network Address Translation Technology Solves Well

NAT solves the problem of private IP addresses not being able to connect to the Internet. For example, internal users often use private IP addresses, but these private IP addresses cannot access resources on the Internet. So the private IP address of the internal network must be converted to a public IP address of the external network.

Network Address Translation is a technology that translates one or more IP addresses into another IP address or multiple addresses. Generally speaking, NAT technology is mainly used to translate the internal private IP address of a host into an external legal IP address, thus providing a technical means to solve the lack of IP address resources. Internal users use private IP addresses of the 10 network, which are transformed into public IP addresses of the 202 network after IP address translation, so that they can connect to the Internet.

There are three types of NAT: Static NAT, Dynamic Address NAT (Pooled NAT), and Network Address Port Translation, NAPT (Port-Level NAT).

One of them, Network Address Port Translation (NAPT), maps an internal address to a different port of an IP address on an external network. It can hide small and medium-sized networks behind a legitimate IP address. NAPT differs from dynamic address NAT in that it maps an internal connection to a separate IP address on the external network with a port number selected by the NAT device.
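The NAPT mapping described above, as an added example that is not part of the original article: a small translation table in which several private hosts share one public address, each connection gets an external port chosen by the NAT device, and inbound packets without a matching entry are dropped. The class and method names, the internal host addresses, the remote addresses and the deliberately tiny port pool are assumptions made for illustration.

```python
class Napt:
    """Port-level NAT: many private hosts share one public address."""

    def __init__(self, public_ip, first_port=40000, last_port=40002):
        self.public_ip = public_ip
        self.free = list(range(first_port, last_port + 1))  # external port pool
        self.by_inside = {}    # (proto, in_ip, in_port) -> ext_port
        self.by_outside = {}   # (proto, ext_port) -> (in_ip, in_port)
        self.peers = {}        # (proto, ext_port) -> remotes this mapping has contacted

    def outbound(self, proto, src, sport, dst, dport):
        """Translate an outgoing packet; returns the rewritten tuple."""
        key = (proto, src, sport)
        if key not in self.by_inside:
            if not self.free:
                raise RuntimeError("external port pool exhausted")
            ext = self.free.pop(0)
            self.by_inside[key] = ext
            self.by_outside[(proto, ext)] = (src, sport)
        ext = self.by_inside[key]
        self.peers.setdefault((proto, ext), set()).add((dst, dport))
        return (proto, self.public_ip, ext, dst, dport)

    def inbound(self, proto, src, sport, dst, dport):
        """Translate a reply; returns None (drop) when no mapping matches."""
        if dst != self.public_ip:
            return None
        inside = self.by_outside.get((proto, dport))
        if inside is None or (src, sport) not in self.peers[(proto, dport)]:
            return None
        return (proto, src, sport, inside[0], inside[1])
```

Two internal hosts using the same source port receive different external ports, which is what lets the replies be told apart; a packet from a remote that the internal host never contacted returns `None`.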

Router Configuration for Static NAT Address Translation

This section shows how to configure NAT (Network Address Translation) so that computers on the Internet can access internal Web and e-mail servers through a Cisco router. This requires configuring a static NAT translation between a dedicated public IP address and a dedicated private IP address. Below, the author describes some specific approaches to solving this problem.

Recently, the vast majority of people have been using NAT to connect to the Internet. NAT translates private IP addresses into public IP addresses, thus enabling users to access the public Internet. Most of us use a form of NAT called Port Address Translation (PAT), which Cisco calls NAT overload.

To get started with this, let’s first look at what we need to manipulate. Take a look at the following diagram:

That’s our target: we want to configure a static IP translation through a router that is between an external network (aka Internet) and an internal network (aka private network).

On a Linksys router with a basic web interface, this is not difficult to do. However, on a router that uses a command line interface (i.e., CLI), if you don’t know the right commands or where to apply them, you can face difficulties.

Before you start, it’s a good idea to gather the data you need. Here’s the information we need for this example:

Router internal interface E0/0: IP

Router external interface S0/0: IP

Web/email server private IP address:

Web/mail server public IP address:

To gain access to the data traffic inside your network and to your Web/mail server, there are two important measures you can employ:

1. NAT configuration

2. Firewall configuration

In this article, the author will provide a basic NAT configuration. However, whatever configuration you employ for your firewall, be sure that it allows these data communications to pass through.

Whether you are using basic access control lists (ACLs) or Cisco’s IOS firewall feature set (for more information, see: Cisco IOS firewall feature set), be sure that you understand Cisco’s IOS order of operations so that you can configure your firewall for the appropriate IP address (whether public or private). In other words, which happens first: NAT translation or firewall filtering? For example, when using ACLs, an incoming ACL check precedes the NAT translation. Therefore, keep in mind that the ACL has to be written with the public IP address.

Now that we have this background information clear, let’s begin our static NAT configuration journey. For our example, we’re going to start with this basic configuration as follows:







We need NAT translation to convert the external IP address of the web/email server from to 10.1.1.2 (from to Here’s what you do in the missing link between the external and internal NAT configurations:


router(config)# ip nat inside source static tcp 10.1.1.2 443 63.63.63.2 443



We’ve used the port numbers above because they fit the description of the operation we want to perform. But it is important to remember that your port numbers may vary. The author chose port 25 for SMTP (sending mail), port 443 for HTTPS (secure web), port 80 for HTTP (web communication), and port 110 for POP3 (receiving mail from mail servers).

This configuration assumes that you have a set of IP addresses. If you don’t, you can use an external IP address on the router (in this case Serial0/0), which you can configure as follows:

router(config)# ip nat inside source static tcp 10.1.1.2 25 interface serial0/0 25

You can even use this command if you have a dynamic DHCP IP address from your ISP.

We also need to register this mail and web server IP address with the public Internet DNS server. So when a user types www.mywebserver.com in their web browser, the browser will convert it to, and the router will convert it to The web server will receive this request and give a response through the router, which will convert it back to the public IP address again.
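The request and reply path described above, together with the ACL-before-NAT ordering mentioned earlier, as an added example that is not part of the original article: a model of the router's static port translations and an inbound first-match ACL. The addresses 63.63.63.2 and 10.1.1.2 and ports 25, 80, 110 and 443 come from the article; the function names, the ACL representation and the client address 198.51.100.7 are assumptions, and this is a simplified model rather than Cisco IOS behaviour in full.

```python
PORTS = (25, 80, 110, 443)   # SMTP, HTTP, POP3, HTTPS as listed in the article

# (proto, public_ip, port) -> (private_ip, port)
STATIC = {("tcp", "63.63.63.2", p): ("10.1.1.2", p) for p in PORTS}

def acl_permits(acl, proto, dst_ip, dst_port):
    """First-match ACL of (action, proto, dst_ip, dst_port); implicit deny at the end."""
    for action, a_proto, a_ip, a_port in acl:
        if (a_proto, a_ip, a_port) == (proto, dst_ip, dst_port):
            return action == "permit"
    return False

def inbound(acl, proto, src, dst_ip, dst_port):
    """Outside-to-inside path: the inbound ACL sees the packet before NAT rewrites it."""
    if not acl_permits(acl, proto, dst_ip, dst_port):
        return "drop: inbound ACL"
    target = STATIC.get((proto, dst_ip, dst_port))
    if target is None:
        return "drop: no static translation"
    return (proto, src, target[0], target[1])

def reply(proto, src_ip, src_port, dst):
    """Inside-to-outside reply: the private source is rewritten back to the public one."""
    for (p, pub_ip, pub_port), (priv_ip, priv_port) in STATIC.items():
        if (p, priv_ip, priv_port) == (proto, src_ip, src_port):
            return (proto, pub_ip, pub_port, dst)
    return None

# ACL written against the public address (matches the pre-NAT packet) ...
ACL_PUBLIC = [("permit", "tcp", "63.63.63.2", p) for p in PORTS]
# ... versus the common mistake of writing it against the private address.
ACL_PRIVATE = [("permit", "tcp", "10.1.1.2", p) for p in PORTS]
```

With `ACL_PRIVATE` every inbound request is dropped before translation, because at the moment the ACL is evaluated the destination is still 63.63.63.2.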

In addition to configuring static NAT, you might think of using dynamic NAT alongside this. With this in mind, your internal PCs can use dynamic NAT for access to the Internet (i.e., NAT overload or PAT). However, this is a bit more complicated. If you are interested, you can refer to Cisco’s Configuring Static and Dynamic NAT Simultaneously document.