
Cisco 17.X NAT IP Address Conservation User Guide

Comprehensive guide for configuring Network Address Translation (NAT) on Cisco 17.X devices to conserve IP addresses, including static, dynamic, and overload (PAT) configurations.

Overview of NAT for IP Address Conservation

Network Address Translation (NAT) is a critical feature for conserving IP addresses by allowing private, non-registered IP networks to connect to the Internet. By translating internal private addresses into legal, globally unique addresses, NAT enables organizations to overcome IP address depletion and enhances network security by hiding internal network structures.

Key NAT Concepts

  • Inside Local Address: The IP address assigned to a host on the internal network.
  • Inside Global Address: A legitimate IP address representing one or more inside local addresses to the outside world.
  • Outside Local Address: The IP address of an outside host as it appears to the internal network.
  • Outside Global Address: The actual IP address assigned to a host on the outside network.

Types of NAT

  • Static NAT: Provides a one-to-one mapping between a local and a global address, useful for internal hosts that must be accessible from the outside.
  • Dynamic NAT: Maps unregistered internal IP addresses to a pool of registered global addresses.
  • Overloading (PAT): Maps multiple internal IP addresses to a single registered global address using different ports, allowing thousands of users to share one public IP.

Configuration and Requirements

Before configuring NAT, ensure you have defined your inside and outside interfaces. NAT is typically configured at the border device between a stub domain and the backbone. Configuration tasks include setting up static translations, dynamic pools, and overloading. For advanced scenarios, the guide covers TCP load distribution, overlapping network translation, and route map integration.

Security and Maintenance

NAT can mitigate certain security risks, but administrators should be aware of potential issues such as DoS attacks or malicious traffic. The guide provides instructions for rate-limiting NAT translations to protect against viruses and worms. Administrators should regularly monitor NAT statistics with the show ip nat statistics command to ensure optimal performance and identify potential bottlenecks.
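
The configuration tasks and the rate-limiting step described above, shown together as an added example (not taken from the Cisco guide or from this page). Interface names, the pool and ACL names, the addresses (RFC 5737 documentation range for the outside) and the entry limits are all constructed values.

```cisco
! Constructed example: 10.10.0.0/24 is the inside (stub) network,
! 203.0.113.0/24 stands in for the registered outside range.
interface GigabitEthernet0/0/0
 description Inside - stub domain
 ip address 10.10.0.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/0/1
 description Outside - backbone
 ip address 203.0.113.1 255.255.255.0
 ip nat outside
!
! Static NAT: one-to-one mapping for an inside host that must be
! reachable from outside. The mapping covers every port on the host,
! so filter inbound traffic to 203.0.113.10 separately.
ip nat inside source static 10.10.0.10 203.0.113.10
!
! Inside local addresses that are eligible for dynamic translation.
ip access-list standard NAT-INSIDE
 permit 10.10.0.0 0.0.0.255
!
! Pool of inside global addresses for dynamic NAT.
ip nat pool PUBLIC-POOL 203.0.113.20 203.0.113.30 prefix-length 24
!
! Dynamic NAT with overloading (PAT). Without the "overload" keyword
! this is plain dynamic NAT, and the pool is exhausted after 11 hosts.
ip nat inside source list NAT-INSIDE pool PUBLIC-POOL overload
!
! Rate limiting: cap translations per inside host so that a single
! infected or misbehaving machine cannot fill the translation table,
! then cap the table as a whole. Both limits are constructed values;
! size them from observed peaks in "show ip nat statistics".
ip nat translation max-entries all-host 300
ip nat translation max-entries 20000
!
! Verification, from privileged EXEC mode:
!   show ip nat statistics      (active translations, hits and misses)
!   show ip nat translations    (inside local to inside global entries)
```

A miss counter or active-translation count that climbs steadily toward the configured limit in show ip nat statistics is the signal to investigate the hosts involved before raising the cap.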

Restrictions

Be aware that NAT may not be practical for all applications, particularly those using embedded IP addresses. Certain protocols may require specific handling, and NAT cannot coexist with some other features like Zone-Based Policy Firewalls in certain configurations. Always verify your specific network requirements against the documented restrictions before deployment.

[Figure: NAT Inside Source Translation diagram]
[Figure: NAT Overloading (PAT) diagram]
[Figure: NAT TCP Load Distribution diagram]

Manual page author

David Miller

Documentation analyst

Organizes user manual content into clear summaries, with attention to model details, product context, and everyday usability.