Table of ContentsHow NAT Works This document contains Flash animationIntroductionBehind the MaskDynamic NAT and Overloading ExamplesSecurity and AdministrationMulti-HomingRelated InformationCisco − How NAT WorksTable of ContentsHow NAT Works.................................................................................................................................................1 This document contains Flash animation................................................................................................1Introduction...........................................................................................................................................................1Behind the Mask...................................................................................................................................................2Dynamic NAT and Overloading Examples..........................................................................................................5Security and Administration.................................................................................................................................7Multi−Homing......................................................................................................................................................9Related Information..............................................................................................................................................9Cisco − How NAT WorksiHow NAT Works This document contains Flash animationIntroductionBehind the MaskDynamic NAT and Overloading ExamplesFlash Animation: Dynamic NATSecurity and AdministrationMulti−HomingRelated InformationIntroductionIf you are reading this, you are most likely connected to the Internet and there's a very good chance that youare using Network Address Translation (NAT) right now!The Internet has grown larger than anyone ever imagined it could be. Although the exact size is unknown, thecurrent estimate is that there are about 100 million hosts and over 350 million users actively on the Internet.That is more than the entire population of the United States! In fact, the rate of growth has been such that theInternet is effectively doubling in size each year.So what does the size of the Internet have to do with NAT? Everything! For a computer to communicate withother computers and Web servers on the Internet, it must have an IP address. An IP address (IP stands forInternet Protocol) is a unique 32−bit number that identifies the location of your computer on a network.Basically it works just like your street address: a way to find out exactly where you are and deliverinformation to you.When IP addressing first came out, everyone thought that there were plenty of addresses to cover any need.Theoretically, you could have 4,294,967,296 unique addresses (232). The actual number of available addressesis smaller (somewhere between 3.2 and 3.3 billion) because of the way that the addresses are separated intoClasses and the need to set aside some of the addresses for multicasting, testing or other specific uses.With the explosion of the Internet and the increase in home networks and business networks, the number ofavailable IP addresses is simply not enough. The obvious solution is to redesign the address format to allowfor more possible addresses. This is being developed (IPv6) but will take several years to implement becauseit requires modification of the entire infrastructure of the Internet.Cisco − How NAT WorksThe NAT router translates traffic coming into and leaving the privatenetwork.This is where NAT (RFC 1631 ) comes to the rescue. Basically, Network Address Translation allows a singledevice, such as a router, to act as agent between the Internet (or "public network") and a local (or "private")network. This means that only a single unique IP address is required to represent an entire group of computersto anything outside their network.The shortage of IP addresses is only one reason to use NAT. Two other good reasons are:SecurityAdministration• • You will learn more about how NAT can benefit you, but first let's take a closer look at NAT and what it cando...Behind the MaskNAT is like the receptionist in a large office. Let's say you have left instructions with the receptionist not toforward any calls to you unless you request it. Later on, you call a potential client and leave a message forthem to call you back. You tell the receptionist that you are expecting a call from this client and to put themthrough.The client calls the main number to your office, which is the only number the client knows. When the clienttells the receptionist who they are looking for, the receptionist checks a lookup table that matches up theperson's name and extension. The receptionist knows that you requested this call, therefore the receptionistforwards the caller to your extension.Developed by Cisco, Network Address Translation is used by a device (firewall, router or computer) that sitsbetween an internal network and the rest of the world. NAT has many forms and can work in several ways:Static NAT − Mapping an unregistered IP address to a registered IP address on a one−to−one basis.Particularly useful when a device needs to be accessible from outside the network.In static NAT, the computer with the IP address of 192.168.32.10 willalways translate to 213.18.123.110.Dynamic NAT − Maps an unregistered IP address to a registered IP address from a group ofregistered IP addresses.• • Cisco − How NAT WorksIn dynamic NAT, the computer with the IP address of 192.168.32.10 willtranslate to the first available address in the range from 213.18.123.100 to213.18.123.150.Overloading − A form of dynamic NAT that maps multiple unregistered IP addresses to a singleregistered IP address by using different ports. Known also as PAT (Port Address Translation), singleaddress NAT or port−level multiplexed NAT.In overloading, each computer on the private network is translated to thesame IP address (213.18.123.100) but with a different port numberassignment.Overlapping − When the IP addresses used on your internal network are registered IP addresses inuse on another network, the router must maintain a lookup table of these addresses so that it canintercept them and replace them with registered unique IP addresses. It is important to note that theNAT router must translate the "internal" addresses to registered unique addresses