Table of Contents
Advertisement
NAT Configurations
You can configure NAT in several different ways. Each of the following configuration
methods provides a solution for different configuration requirements:
Traditional NAT
Traditional NAT is the most common method of using address translation. Its primary
use is translating private addresses to legal addresses for use in an external network.
When configured for dynamic operation, hosts within a private network can initiate
access to the external (public) network, but external nodes on the outside network
cannot initiate access to the private network.
Addresses on the private network and public network must not overlap. Also, route
destination advertisements on the public network (for example, the Internet) can
appear within the inside network, but the NAT router does not propagate
advertisements of local routes that reference private addresses out to the public
network.
There are two types of traditional NAT basic NAT and NAPT.
Basic NAT
Basic NAT provides translation for IP addresses only (called a simple translation) and
places the mapping into a NAT table. In other words, for packets outbound from the
private network, the NAT router translates the source IP address and related fields
(for example, IP, TCP, UDP, and ICMP header checksums). For inbound packets, the
NAT router translates the destination IP address (and related checksums) for entries
that it finds in its translation table.
CAUTION: Although NAT is the simplest translation method, it is the least secure.
By not including port or external host information in the translation, basic NAT allows
access to any port of the private host by any external host.
RFC 2993-Architecture Implications of NAT (November 2000)
RFC 3022-Traditional IP Network Address Translator (Traditional NAT) (January
2001)
RFC 3027-Protocol Complications with the IP Network Address Translator (January
2001)
Traditional NAT
Bidirectional NAT
Twice NAT
Chapter 2: Configuring NAT
65
NAT Configurations
Advertisement
Table of Contents
