Configuring and Verifying Inside Source NAT using Static and Pools

Network Address Translation (NAT) is a fundamental technique used in networking to conserve IP address space and enable communication between private networks and the public internet. Inside Source NAT, also known as NAT overload or Port Address Translation (PAT), allows multiple internal private IP addresses to share a single public IP address when accessing the internet. In this blog post, we will explore how to configure and verify Inside Source NAT using both static NAT and NAT pools on Cisco routers, as well as understand the different types of NAT addresses involved.

Types of NAT Addresses:

When implementing Inside Source NAT, several types of IP addresses are involved in the translation process:

  • Inside Local (IL) Address: The private IP address of an internal host as seen from within the local network.
  • Inside Global (IG) Address: The public IP address assigned to an internal host when accessing the internet. This address is globally routable and can be reached from external networks.
  • Outside Local (OL) Address: The IP address of an external host as seen from within the local network.
  • Outside Global (OG) Address: The public IP address of an external host as seen from outside the local network.

Inside Local and Inside Global addresses are used in Inside Source NAT, while Outside Local and Outside Global addresses are relevant in Outside Source NAT.

Static NAT Configuration:

Static NAT provides a one-to-one mapping between a private IP address and a public IP address. This allows external devices to initiate communication with specific internal hosts using their mapped public IP address.

Example Configuration:

Suppose we have a web server with a private IP address of 192.168.1.10 that we want to expose to the internet using a public IP address of 203.0.113.10.

    Router(config)# ip nat inside source static 192.168.1.10 203.0.113.10

In this configuration, 192.168.1.10 is the Inside Local address, and 203.0.113.10 is the Inside Global address.

NAT Pool Configuration:

NAT pools allow multiple private IP addresses to be translated to a range of public IP addresses from a pool. This method is useful when multiple internal devices need internet access, and a single public IP address is not sufficient.

Example Configuration:

Let’s configure a NAT pool with a range of public IP addresses to be used for NAT overload.

    Router(config)# ip nat pool MY_POOL 203.0.113.50 203.0.113.60 netmask 255.255.255.0
    Router(config)# ip nat inside source list 1 pool MY_POOL overload

In this configuration, the Inside Local addresses are the private IP addresses eligible for translation, and the Inside Global addresses are selected from the NAT pool (203.0.113.50 to 203.0.113.60).

Verification of Inside Source NAT:

To verify the Inside Source NAT configurations, we can use the following commands:

    Router# show ip nat translations
    Router# show ip nat statistics

The first command displays the active NAT translations, including the Inside Local and Inside Global addresses, and the second command provides statistics on NAT translations, including the number of translations, hits, and misses.

Access Control Lists (ACLs):

It’s important to control which internal IP addresses are eligible for NAT translations. Access Control Lists (ACLs) are used to define which traffic should be subjected to NAT. In the above NAT pool configuration example, we used ACL 1 to specify the internal IP addresses eligible for translation:

    Router(config)# access-list 1 permit 192.168.1.0 0.0.0.255

Ensure that the ACL includes all the internal IP addresses that need to be translated.
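
The verification step can also be checked by script. The following Python sketch is an added example, not part of the original post: it parses show ip nat translations output and flags entries whose Inside Local address is not permitted by ACL 1, or whose Inside Global address is neither in MY_POOL nor the static mapping. The addresses come from the configurations above; the sample output and the function names are constructed for illustration.

```python
import ipaddress

# Values taken from the configuration examples on this page.
STATIC = {"192.168.1.10": "203.0.113.10"}   # inside local -> inside global
POOL = ("203.0.113.50", "203.0.113.60")     # MY_POOL first and last address
ACL1 = ("192.168.1.0", "0.0.0.255")         # access-list 1 permit <address> <wildcard>

# Constructed sample of `show ip nat translations` output (not a real capture).
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
--- 203.0.113.10       192.168.1.10       ---                ---
tcp 203.0.113.50:1024  192.168.1.21:51512 198.51.100.7:443   198.51.100.7:443
udp 203.0.113.50:1025  192.168.1.22:53001 198.51.100.53:53   198.51.100.53:53
tcp 203.0.113.50:1026  192.168.2.40:40110 198.51.100.7:443   198.51.100.7:443
tcp 203.0.113.99:1027  192.168.1.23:40222 198.51.100.7:443   198.51.100.7:443
"""

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def acl_permits(addr, base=ACL1[0], wildcard=ACL1[1]):
    """Standard ACL match: bits set in the wildcard mask are ignored."""
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return (ip_int(addr) & care) == (ip_int(base) & care)

def in_pool(addr, first=POOL[0], last=POOL[1]):
    return ip_int(first) <= ip_int(addr) <= ip_int(last)

def audit(output):
    """Return (inside_local, inside_global, reason) for each unexpected entry."""
    findings = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] == "Pro":
            continue                      # skip the header and blank lines
        inside_global = fields[1].split(":")[0]
        inside_local = fields[2].split(":")[0]
        if STATIC.get(inside_local) == inside_global:
            continue                      # matches the static one-to-one mapping
        if not acl_permits(inside_local):
            findings.append((inside_local, inside_global, "inside local not permitted by ACL 1"))
        elif not in_pool(inside_global):
            findings.append((inside_local, inside_global, "inside global outside MY_POOL"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="  ")
```

Both flagged rows in the constructed sample represent drift between the running translations and the intended configuration: a source outside 192.168.1.0/24 being translated, and a global address that is neither in the pool nor statically mapped.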

Inside Source NAT is a vital component of network address translation, enabling private internal IP addresses to access the internet using shared public IP addresses. By configuring static NAT and NAT pools, we can control the mapping of private and public IP addresses and optimize the use of available public IP resources. Regular verification of NAT translations and careful management of access control lists ensure a well-functioning and secure network environment. With these configurations in place, network administrators can ensure seamless connectivity and efficient use of IP address resources in their Cisco router networks.