NAT is the Network Address Translation. NAT is used for public IP or Internet access using a private IP address. To access the Internet, a public IP address is required, but we can use a private IP address in our personal network. The idea of NAT is to allow multiple devices to access the Internet through a single public address. To achieve this, the private IP address needs to be translated into a public IP address.
Network address translation (NAT) is a process where one or more local IP addresses are translated to one or more global IP addresses and vice versa can provide Internet access to local hosts. Also, it translates the port numbers, which means that the host’s port number, along with another port number, will take the packet to the destination then it makes entries in the NAT table’s IP address and port number. NAT usually works on a router or firewall.
The objectives of NAT are:
- The number of Pv4 public addresses used to increase is almost the last step. Therefore, a private IP should be set up to provide private IP to the network.
- NAT is configured to increase network security. Otherwise, the IP NAT can be configured only for the hosts that need internet access.
- Public IP is the most difficult task assigned to each host. By configuring a DHCP server, the private IP block that is used on the DHCP server can be easily accessed by configuring NAT on that block. As a result, network administration is reduced.
Types of NAT
- Static NAT
- Dynamic NAT
Static NAT is if a private IP’s NAT is configured with a public IP. This means that private IP addresses through NAT are used to permanently provide the Internet with public IP.
Dynamic NAT is when multiple public IPs provide Internet access to many private IPs. In that case, the private IPs release public IPs when the Internet is finished. As a result, public IPs can be used by other private IPs.
PAT is Port Address Translation. PAT can map multiple private IP addresses to a single public IP address.
Configuring static NAT
The most important part of configuring NAT is to configure internal and external interfaces. This configuration method varies depending on the type of NAT you are using. In the case of static NAT, these entries in the translation table have to be manually performed.
The configuration of NAT on Cisco IOS is as follows:
Configuring the Internal Interface:
Use the following command to configure the internal interface:
R1(config)#int fastethernet 0/0
R1(Config-if)#ip address 188.8.131.52 255.255.255.0
R1(config-if)#ip nat inside
Here the interface is selected first, then the IP address for that interface is set. In the end, it was stated that this interface is an inside NAT interface. As a result, the stub domain will use this interface to access all the heists on the external network.
Configuring external interface:
R1(config)#int fastethernet 0/0
R1(config-if) #ip address 184.108.40.206 255.255.255.0
R1(config-if)#ip nat outside
Here the interface is first selected, then the IP address for that interface has been set. Finally, it has been stated that this interface is outside the NAT interface.
Setting the IP addresses of static NAT
R1(config) #ip nat inside source static 192.168.10.10 220.127.116.11
R1(config) #ip nat inside source static 192.168.10.11 18.104.22.168
R1(config) #ip nat inside source static 192.168.10.12 22.214.171.124
R1(config) #ip nat inside source static 192.168.10.13 204.218. 10.13
Here, NAT is enabled for the internal interface through the IP nat inside source static command. Here are four inside global addresses (126.96.36.199 – 13) mapped for the four heists (192.168.10.10 – 13) of the stub domain. These IP addresses will now be routed to the NAT Translation Table. Now, these four heists can be connected to the Internet at any time, and at any time from the Internet can be connected to these heists. These four heists can be accessed from an external network unless you disable the mapping of them using the command:
R1(config) #no ip nat inside source static 192.168.10.10 204.218. 10.10
R1(config) #no ip nat inside source static 192.168.10.11 204.218. 10.11
R1(config)#no ip nat inside source static 192.168.10.12 188.8.131.52
R1(config) #no ip nat inside source static 192.168.10.13 204.218. 10.13
Remember, other NAT configurations may have similar static NAT mappings. For example, you can create some such mappings during dynamic NAT or port address translation. For hosts that are always connected to the Internet, such as web servers, such static mapping will be required.
Static mapping of this type can also be specified for a particular port. For example, the webserver will run on one of the internal networks in the corner. The web server uses TCP port 8080. Now you want the hack attached to the external heist with the TCP Port 80 of NAT Gateway and the hack connected to that web server. It can then be configured with the following command:
R1(config)#ip nat inside source static tcp 192.168.10.2 8080 184.108.40.206 80 extendable
Here is the IP address of the external interface to 220.127.116.11