The main figure illustrates one of several NAT (Network Address Translator) capabilities: the capability to translate addresses from inside your network to destinations outside of your network. The steps shown in the figure are defined as follows:
1. User at host 10.4.1.1 opens a connection to host B.
2. The first packet that the router receives from 10.4.1.1 causes the router to check its NAT table. If a translation is found because it has been statically configured, the router continues to step 3. If no translation is found, the router determines that address 10.4.1.1 must be translated. The router allocates a new address and sets up a translation of the inside local address 10.4.1.1 to a legal global address from the dynamic address pool. This type of translation entry is referred to as a simple entry.
3. The router replaces the inside local IP address 10.4.1.1 with the selected inside global address (2.2.2.2) and forwards the packet.
4. Host B receives the packet and responds to the inside global IP address 2.2.2.2; host B never sees the inside local address 10.4.1.1.
5. When the router receives the packet with the inside global IP address of 2.2.2.2, the router performs a NAT table lookup using the inside global address as the reference. The router then translates the address back to 10.4.1.1 and forwards the packet to the host.
6. 10.4.1.1 receives the packet and continues the conversation. For each subsequent packet, the router performs steps 2 through 5.
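As an added example (it is not part of the original lab text), the following Cisco IOS configuration makes a router behave as the steps above describe: hosts in 10.4.1.0/24 that send traffic toward the outside get a simple entry from a pool that contains 2.2.2.2. The interface names, the 2.2.2.0/28 address block and the access-list number are assumptions chosen for the example.

```cisco
! Added example configuration; interface names, pool range and ACL number are assumptions.
! Mark which interface faces the inside (local) network and which faces the outside (global) network.
! Without both markings the router never consults the NAT table (step 2 never happens).
interface Ethernet0
 ip address 10.4.1.254 255.255.255.0
 ip nat inside
!
interface Serial0
 ip address 2.2.2.14 255.255.255.240
 ip nat outside
!
! Inside global addresses the router may allocate; 2.2.2.2 from the figure is among them.
ip nat pool GLOBAL-POOL 2.2.2.1 2.2.2.10 netmask 255.255.255.240
!
! Inside local addresses that are eligible for translation (the check in step 2).
access-list 1 permit 10.4.1.0 0.0.0.255
!
! Associate the two: dynamic source translation, one simple entry per inside host.
ip nat inside source list 1 pool GLOBAL-POOL
```

Once host 10.4.1.1 has sent its first packet outside, `show ip nat translations` lists the simple entry (protocol and outside addresses shown as `---`, inside global 2.2.2.x, inside local 10.4.1.1), and `show ip nat statistics` shows the pool usage. Two points a practitioner should check: a simple entry is address-only, so while it exists any outside host can reach 10.4.1.1 by sending to its inside global address, not just host B; and when the pool is exhausted, further inside hosts get no entry and their outbound packets are dropped until an existing entry times out (the default dynamic-entry timeout is 86400 seconds, adjustable with `ip nat translation timeout`) or is cleared with `clear ip nat translation *`.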
In this lab, you will learn to configure Network Address Translation using dynamic translation.
Cisco IOS Release 11.2 and later supports the following additional NAT features:

Static address translation --- Establishes a one-to-one mapping between inside local and global addresses.

Dynamic source address translation --- Establishes a dynamic mapping between the inside local and global addresses. Dynamic mapping is done by describing the local addresses to be translated and the pool of addresses from which to allocate global addresses, and associating the two. The router creates translations as needed.

Address overloading --- You can conserve addresses in the inside global address pool by allowing source ports in TCP connections or UDP conversations to be translated (this is also known as port address translation, or PAT). When different inside local addresses map to the same inside global address, each inside host's TCP or UDP port numbers are used to distinguish between them.

TCP load distribution --- A dynamic form of destination translation can be configured for some outside-to-inside traffic. After a mapping is set up, destination addresses matching an access list are replaced with an address from a rotary pool. Allocation is done on a round-robin basis, and only when a new TCP connection is opened from the outside to the inside. All non-TCP traffic is passed untranslated (unless other translations are in effect).
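As an added example (not part of the original lab text), the following Cisco IOS fragment configures the three remaining features listed above on a router whose interfaces are already marked `ip nat inside` and `ip nat outside`: a static one-to-one mapping, address overloading, and TCP load distribution to a rotary pool. The addresses in 2.2.2.0/28, the 10.4.1.0/24 servers, the pool names and the access-list numbers are assumptions chosen for the example.

```cisco
! Added example; addresses, pool names and list numbers are assumptions.
! Assumes Ethernet0 is "ip nat inside" and Serial0 is "ip nat outside".
!
! Static address translation: fixed one-to-one mapping, e.g. for an inside server
! that must be reachable from outside at a stable inside global address.
ip nat inside source static 10.4.1.10 2.2.2.11
!
! Address overloading (PAT): every host in 10.4.1.0/24 shares the single inside
! global address 2.2.2.12; the router rewrites TCP/UDP source ports and keeps an
! extended entry (addresses plus ports) per conversation to tell hosts apart.
ip nat pool SHARED 2.2.2.12 2.2.2.12 netmask 255.255.255.240
access-list 1 permit 10.4.1.0 0.0.0.255
ip nat inside source list 1 pool SHARED overload
!
! TCP load distribution: new TCP connections from outside to the virtual address
! 2.2.2.13 are handed round-robin to the real servers in the rotary pool.
ip nat pool REAL-SERVERS 10.4.1.21 10.4.1.23 prefix-length 24 type rotary
access-list 2 permit host 2.2.2.13
ip nat inside destination list 2 pool REAL-SERVERS
```

Verify with `show ip nat translations`: static entries appear immediately and permanently, overload entries appear with a protocol and port (for example `tcp 2.2.2.12:1024 10.4.1.1:1024 ...`), and rotary entries appear only after an outside client opens a TCP connection to 2.2.2.13. Points to keep in mind when using this in a lab: the static mapping exposes 10.4.1.10 to the outside at all times, so restrict it with an access list on the outside interface if only some ports should be reachable; an overload (extended) entry is specific to the translated port and outside peer, which is why outside hosts cannot reach arbitrary inside hosts through 2.2.2.12; and the rotary pool distributes connections blindly, with no health check, so a failed server in the pool still receives every third new connection. Non-TCP traffic to 2.2.2.13 is passed untranslated, as the feature description states.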