Chapter 2 Network Address Translation (NAT) Flashcards
Define Private IP Addresses? [3]
Private IP addresses are not globally unique.
The private IP addresses can only be used within a private IP network (business enterprise/private individual).
Private IP addresses are not publicly routable, so they will not be forwarded across the public Internet.
Define NAT (Network Address Translation) [2]
Responsible for translating between private and public addresses
Each time a packet passes through the NAT router (whether leaving the private network for the Internet or entering it from the Internet), the private IP address in the IP packet header is translated to or from (i.e., swapped for) a public IP address.
Define the different types of NAT [3]. NAT can be implemented using one of three methods:
Static NAT – performs a static one-to-one translation between two addresses, or between a port on one address and a port on another address. Address translation is from the inside (local) network to the outside (global) network.
Dynamic NAT – translates from a pool of local addresses to a pool of global addresses behind a NAT-enabled device.
NAT Overload or Port Address Translation (PAT) – allows many-to-one address mapping, since many inside addresses can be mapped to one outside IP address. PAT is necessary when the number of internal clients exceeds the available global addresses.
PAT allows multiple inside addresses to map to the same global address.
NAT Terminology/Address Types [4]
For simplicity's sake, it is generally acceptable to associate global addresses with public addresses, and local addresses with private addresses.
However, it must be taken into consideration that public-to-public and private-to-private translation is still possible.
Inside hosts are within the local network, while outside hosts are external to the local network.
Inside Local – the actual address assigned to an inside host (private address)
Inside Global – the inside address as seen from the outside (public address). Essentially, this is the dynamically or statically assigned public address given to a private host; it is the source address used after translation to get onto the Internet.
Outside Global – the actual address assigned to an outside host (public address).
Outside Local – the outside address as seen from the inside. This address identifies an outside host to the inside network. Usually it is left untranslated; however, it is occasionally necessary to translate an outside (usually public) address to an inside (usually private) address.
NAT Boundary Configurations
interface FastEthernet0
 ip address 10.0.0.1 255.255.0.0
 ip nat inside
interface FastEthernet1
 ip address 174.143.212.1 255.255.252.0
 ip nat outside
Usually:
Inside => Private
Outside => Public
For a connection from HostA to HostB, the NAT addresses are identified as follows:
Inside Local Address – 10.1.1.10
Inside Global Address – 55.1.1.1
Outside Global Address – 99.1.1.2
Outside Local Address – 99.1.1.2
Configuring Static NAT
Router(config)# int e0/0
Router(config-if)# ip nat inside
Router(config)# int s0/0
Router(config-if)# ip nat outside
Syntax for statically mapping a private (inside local) address to a public (inside global) address:
Router(config)# ip nat inside source static 172.16.1.1 158.80.1.40
This command performs a static translation of the source address 172.16.1.1 (located on the inside of the network) to the outside address 158.80.1.40.
Benefits of NAT [5]
Only devices within the private network which need to communicate with the public Internet need to have a public IP address.
The private IP network is much more secure.
This is because all the private network devices which do not require public Internet access do not have public IP addresses and therefore cannot be reached directly by malicious 'hackers' on the public Internet.
Hides the specific addresses and addressing scheme of the internal/private network.
Allows you to increase or decrease the number of registered IP addresses without changing devices in the network.
If you switch ISPs and need to change the registered IP addresses you are using, NAT means you do not have to renumber every device in your network. The only change is the set of addresses used in the NAT pool.
Drawbacks of NAT [2]
NAT increases latency. Every packet must be processed to see if it needs translation.
End-to-end IP traceability is also lost. If you need to troubleshoot your network from a remote site, you will find troubleshooting more difficult and sometimes even impossible.