Without network address translation (NAT) or port address translation (PAT) you probably wouldn’t be able to access the Internet from your computer, or at least you’d be the only one in the house with Internet access. In this lesson I want to explain why and how we use NAT/PAT for Internet access.
Let’s start with a topology:
On the left side we have a computer on our LAN with the IP address 192.168.1.1 connected to a router. From our ISP we got the IP address 4.4.4.4 and there’s a server on the Internet using IP address 1.2.3.4. If our computer sends something to the server, what would be the source and destination IP addresses of the IP packet it sends?
The source IP address will be our computer’s and the destination IP address will be the server’s, as you can see in the IP packet in the picture above.
Once our server responds it will create an IP packet specifying the computer’s IP address as the destination and the source IP address will be its own IP address.
Is there anything wrong with this example? No, it’s perfectly fine except for one detail…the IP address of the computer and the IP address on the router are private IP addresses. Private IP addresses are meant for our LANs and public IP addresses are for the Internet.
This time we are going to configure NAT (Network Address Translation) and see what the difference is…
Hi William,
You can’t simulate NAT traffic on the local router. If you want to see some NAT translations, you’ll have to send some traffic through your router. When I have to test something like this I like to use another router or switch as the “host” device. Some quick pings are enough to test NAT.
Rene
Hi Rakesh,
PAT means port address translation. This doesn’t mean that the source port is always changed though. Take a look at this example:
How to configure PAT on Cisco IOS Router
Look for the show ip nat translations command in that lesson. You can see the source ports remain the same; the router will only change these if two hosts happen to pick the same source port number.
CGNAT stands for Carrier Grade NAT. Some ISPs don’t give their customers public IP addresses anymore but private IP addresses. The ISP will use NAT/PAT to put many customers behind a single public IP address.
Rene
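The source translation from the lesson's topology and the port behaviour described in the reply above, as an added example that is not part of the lesson or the forum posts. It models a PAT table in Python; the second host 192.168.1.2, the port numbers, the single-protocol table and the "next free port" choice on a collision are assumptions made for illustration, not Cisco's actual allocation logic.

```python
# Added example: minimal PAT (NAT overload) table for one protocol.
# IP addresses 192.168.1.1, 4.4.4.4 and 1.2.3.4 come from the lesson's topology;
# the second host and all port numbers are constructed.
PUBLIC_IP = "4.4.4.4"  # address the ISP gave the router


class PatTable:
    def __init__(self, public_ip=PUBLIC_IP):
        self.public_ip = public_ip
        self.by_inside = {}  # (inside_ip, inside_port) -> public_port
        self.by_public = {}  # public_port -> (inside_ip, inside_port)

    def _pick_port(self, wanted):
        # Keep the host's own source port when it is free on the public side.
        # Assumption: on a collision, take the next free port above it.
        port = wanted
        while port in self.by_public:
            port = port + 1 if port < 65535 else 1024
        return port

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a LAN -> Internet packet: only the source is rewritten."""
        key = (src_ip, src_port)
        if key not in self.by_inside:
            port = self._pick_port(src_port)
            self.by_inside[key] = port
            self.by_public[port] = key
        return (self.public_ip, self.by_inside[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a reply: restore the private destination, if an entry exists."""
        inside = self.by_public.get(dst_port) if dst_ip == self.public_ip else None
        if inside is None:
            return None  # no translation entry, so there is no inside host to forward to
        return (src_ip, src_port, inside[0], inside[1])


def demo():
    nat = PatTable()
    first = nat.outbound("192.168.1.1", 50000, "1.2.3.4", 80)
    # Constructed second host that happens to pick the same source port.
    second = nat.outbound("192.168.1.2", 50000, "1.2.3.4", 80)
    reply = nat.inbound("1.2.3.4", 80, "4.4.4.4", first[1])
    return first, second, reply


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The first host keeps source port 50000 after translation, the second is moved to a different public port, and the server's reply is mapped back to 192.168.1.1.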
Hi Pavan,
In most NAT/PAT examples, we only translate the source IP address.
With bi-directional NAT, you can translate both the source and destination IP address at the same time.
Rene
Hello Juan
The rule is that RFC1918 IP addresses are not reachable or routable on the internet. That is a rule that ISPs are responsible for adhering to and implementing. There is no technological inability to route these addresses, but by definition, everyone is required to adhere to it and that is why you cannot do it. But even if an ISP does accept them, when they try to hand them off to other networks, the routers on the Internet at large are configured to drop any such traffic.
Cisco’s OCGs mention this because it is expected that all Internet network ...
Yes, it was as I suspected, that is a rule but not a technological inability.
Thanks for your reply.