
Network Address Translator (NAT)/Port Address Translation (PAT)

November 2, 2012


Network Address Translator (NAT) operates on a router connecting two networks. One of these networks, designated as inside, is addressed with either private or obsolete addresses. These addresses must be converted into legal addresses before packets are forwarded to the other network, which is designated as outside. The translation operates in conjunction with routing, so NAT can be enabled on a customer-side Internet access router when translation is required.

Explaining Network Address Translation (NAT)

Network Address Translation is sometimes confused with proxy servers. NAT is transparent to the source and destination computers. Neither one realizes that it is dealing with a third device. A proxy server is not transparent. The source computer knows that it is making a request to the proxy server and is configured to do so. The destination computer treats the proxy server as the source computer and deals with it directly. In addition, proxy servers usually work at a higher layer, which makes them slower than NAT devices in most cases.

NAT operates at the Network layer (layer 3) of the OSI Reference Model because this is the layer at which routers work.

A real benefit of NAT is apparent in network administration. For example, you can move your Web server or FTP server to another host computer without having to worry about broken links. Simply change the inbound mapping at the router to a new inside local address that reflects the new host. You can also make changes to your internal network easily, since the only external IP address either belongs to the router or comes from a pool of global addresses.

NAT and DHCP are a natural fit because you can select a range of unregistered IP addresses for your stub domain and have the DHCP server roll them out according to the requirements. It also makes it much easier to scale up your network as your needs grow. You do not need to request more IP addresses: with more addresses configured in DHCP, you immediately have room for additional computers on your network.

NAT Concepts and Terminology


A NAT device provides Network Address Translation on the router hardware. The goal of NAT is to provide functionality as if the private network had globally unique addresses and the NAT device were not present. Cisco IOS NAT supports “bi-directional translation” through the simultaneous use of “inside source” and “outside source” translations.

 Static NAT

Static NAT, also called inbound mapping, allows connections initiated by external devices to computers on the stub domain to take place in specific circumstances. For example, you may need to map an inside global address to a specific inside local address that is assigned to your Web server. Static NAT (inbound mapping) allows a computer on the stub domain to maintain a specific address while communicating with devices outside the network.

 Dynamic NAT

Implementing dynamic NAT automatically creates a firewall between your internal network and outside networks or the Internet. Dynamic NAT allows only connections that originate inside the stub domain. Essentially, this means that a computer on an external network cannot connect to your computer unless your computer has initiated the contact. You can browse the Internet and connect to a site, even download a file. Another person cannot latch onto your IP address and use it to connect to a port on your computer.

Explaining Port Address Translation (PAT)

Port Address Translation (PAT) is used to translate internal addresses to only one or a few external addresses. The PAT feature is also referred to as “overload”, and it is a subset of NAT functionality.

PAT uses unique source port numbers on the inside global IP address to distinguish between translations. The port numbers are encoded in 16 bits, so the total number could theoretically be as high as 65,536 per IP address. In addition, PAT attempts to preserve the original source port. If this source port has already been allocated, PAT attempts to find the first available port number starting from the beginning of the appropriate group. If no port in that group is available and more than one IP address is configured, PAT moves to the next IP address and tries allocating the original source port again. This continues until it runs out of available ports and IP addresses.
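
The allocation order described above can be modelled in a few lines of Python. This is an added example, not code from the original post or from Cisco: the class and method names are hypothetical, the addresses are constructed, and the three port-group boundaries are the ones Cisco documents for IOS PAT (the post only says "appropriate group"). It tracks a single protocol and ignores translation timeouts.

```python
from itertools import chain

# Port groups Cisco documents for IOS PAT (assumption: not spelled out in the post).
PORT_GROUPS = [(0, 511), (512, 1023), (1024, 65535)]


class PatTable:
    """Simplified PAT (overload) table: one protocol, no timeouts."""

    def __init__(self, global_ips):
        self.global_ips = list(global_ips)
        self.out = {}   # (inside_ip, inside_port) -> (global_ip, global_port)
        self.back = {}  # (global_ip, global_port) -> (inside_ip, inside_port)

    def translate_outbound(self, inside_ip, inside_port):
        flow = (inside_ip, inside_port)
        if flow in self.out:  # an existing translation is reused
            return self.out[flow]
        group = next((g for g in PORT_GROUPS if g[0] <= inside_port <= g[1]), None)
        if group is None:
            raise ValueError("source port must fit in 16 bits")
        for gip in self.global_ips:
            # Try the original source port first, then scan the group from its start.
            for port in chain([inside_port], range(group[0], group[1] + 1)):
                if (gip, port) not in self.back:
                    self.out[flow] = (gip, port)
                    self.back[(gip, port)] = flow
                    return gip, port
            # This address has no free port in the group: move to the next global IP.
        raise RuntimeError("PAT pool exhausted: no free port on any global address")

    def translate_inbound(self, global_ip, global_port):
        # No entry means no inside host initiated this flow, so there is
        # nothing to translate to and the packet is not forwarded inside.
        return self.back.get((global_ip, global_port))


if __name__ == "__main__":
    pat = PatTable(["203.0.113.1", "203.0.113.2"])  # constructed example pool
    for host in ("10.0.0.5", "10.0.0.6", "10.0.0.7"):
        print(host, 40000, "->", pat.translate_outbound(host, 40000))
    print("unsolicited:", pat.translate_inbound("203.0.113.1", 2000))
```

The `translate_inbound` lookup also shows why dynamic NAT and PAT reject unsolicited outside connections: a packet addressed to a global port with no table entry has no inside host to be delivered to.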
