Configuring Network Address Translation (NAT) on Cisco Packet Tracer


Network Address Translation (NAT) is the process of translating private IP addresses into a public IP address so that traffic can be routed on the Internet. It is an integral part of internet access because it lets devices on a private network communicate with services on the public internet. It is necessary because there are not enough public IPv4 addresses to go around: only 2^32 (~4.3 billion) IPv4 addresses exist, and billions of devices are already connected to the internet.

With the address space this limited, engineers came up with RFC 1918, which set aside a portion of the IPv4 address space for private use. The private ranges are:

  1. 10.0.0.0 to 10.255.255.255 (2^24 ~ 16 million addresses)

  2. 172.16.0.0 to 172.31.255.255 (2^20 ~ 1 million addresses)

  3. 192.168.0.0 to 192.168.255.255 (2^16 ~ 65 thousand addresses)

These address ranges come from the old Class A, Class B, and Class C ranges. Which one you use depends on your organization's size. Very large organizations, the size of BlackRock, will prefer the first range (10.0.0.0/8) and subnet it across departments. A mid-sized organization might go for the second range (172.16.0.0/20) since it is smaller and more manageable. Small organizations and home local area networks default to the third range (192.168.0.0/24) since it is the smallest of the three.

Notice the /8, /20, and /24 after the addresses in the paragraph above? This is the slash (CIDR) notation for the subnet mask: the number after the slash is how many of the address's bits are reserved for the network portion. An IP address has two portions, the network portion and the host portion, and they share the 32 available bits, so the more bits that go to the network side, the fewer addresses remain for ordinary devices to use. That's why /8 has 16 million addresses and /24 has just 65 thousand.
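A worked example of the address arithmetic behind the slash notation, added here and not part of the original article. It uses Python's standard ipaddress module to derive the prefix length and address count of each RFC 1918 range from the start and end addresses listed above, and to check whether a given address falls inside any of them, which is the same test a border filter performs when it drops packets arriving from the outside with a private source address. The sample addresses in the `__main__` block are constructed for illustration.

```python
"""Address arithmetic for the RFC 1918 private ranges and CIDR prefixes.

Added example; not code from the original article. Only the standard
library is used.
"""
import ipaddress

# The three private ranges exactly as RFC 1918 defines them (first and last address).
RFC1918_RANGES = [
    ("10.0.0.0", "10.255.255.255"),
    ("172.16.0.0", "172.31.255.255"),
    ("192.168.0.0", "192.168.255.255"),
]


def prefix_for_range(first: str, last: str) -> int:
    """Return the CIDR prefix length that covers exactly [first, last].

    The host portion is the set of bits that vary between the first and the
    last address; whatever remains of the 32 bits is the network portion.
    """
    span = int(ipaddress.IPv4Address(last)) - int(ipaddress.IPv4Address(first)) + 1
    if span & (span - 1):
        raise ValueError("range is not a power-of-two sized block")
    host_bits = span.bit_length() - 1
    return 32 - host_bits


def addresses_in_prefix(prefix_len: int) -> int:
    """Total addresses in a /prefix_len block: 2 ** (32 - prefix_len)."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return 2 ** (32 - prefix_len)


def rfc1918_networks() -> list:
    """The private ranges as ip_network objects, prefix derived from each range."""
    return [
        ipaddress.ip_network(f"{first}/{prefix_for_range(first, last)}")
        for first, last in RFC1918_RANGES
    ]


def is_private(addr: str) -> bool:
    """True when addr lies inside any RFC 1918 range (a non-routable source)."""
    ip = ipaddress.IPv4Address(addr)
    return any(ip in net for net in rfc1918_networks())


if __name__ == "__main__":
    for first, last in RFC1918_RANGES:
        p = prefix_for_range(first, last)
        print(f"{first}/{p}: {addresses_in_prefix(p):,} addresses")
    # Constructed sample addresses: two private, one just outside 172.16/12, one public.
    for a in ("10.20.30.40", "192.168.1.1", "172.32.0.1", "203.0.113.1"):
        print(a, "private" if is_private(a) else "public")
```

Note that 172.32.0.1 is reported as public: the 172 private block ends at 172.31.255.255, a boundary that is easy to get wrong when writing filter rules by hand, which is why the check derives the networks from the ranges instead of hard-coding prefixes.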

What does Network Address Translation entail?

The idea behind NAT is to map one or more private IP addresses in a Local Area Network (LAN) to a public, internet-routable IP address. So when a machine on the private network wants to communicate with a server whose public IP is 100.2.51.36, the NAT router translates the machine's private source address into a public address such as 200.31.51.110. The routers along the path then forward these packets hop by hop until they reach the destination IP address. If the destination side also implements NAT, it will usually be in the form of port forwarding, so the destination router knows which internal server to send the packet to based on the destination port.

On the way back, the routers involved in the communication keep their translation state so that the response can be mapped back to the original source.

Types of Network Address Translation

There are three ways NAT can be implemented, and which one you pick depends on the complexity of the intended system: Static NAT, Dynamic NAT, and Port NAT. Static NAT maps private IPs to public IPs one-to-one, so in a network using the 10.0.0.0/8 block the mapping looks like this:

Private IP    Publicly-mapped IP
10.0.0.2      65.43.50.90
10.0.0.3      65.43.59.91
10.0.0.4      65.43.59.92

Dynamic NAT, on the other hand, maps the computers on a private network to a pool of public IP addresses. So 30 computers with private IP addresses might be mapped to, say, 5 public IP addresses. The diagram shows a simpler example where 5 computers on the private network are mapped to two public IPs.

The downside of this approach is that if more than two computers want to talk to the public internet at the same time, the router drops the extra requests until one of the public IP addresses is free again. This means that if 5 computers must always be able to reach the public internet, you must assign 5 public IPs to the pool, which increases the cost of implementing NAT for the organization.

The third technique, Port NAT, overcomes the limitation of static and dynamic NAT by pairing each IP address with a port number to form a unique (IP, port) pair. A computer has a port space of 2^16 (65536) unique ports. The first 1024 ports are reserved for administrative, well-known services; the remaining 64512 ports can be used to communicate with many different public services.

The table below shows a Port NAT mapping where computers with private IPs make requests to different services. If computer A, with private IP 10.0.0.2 and source port 1030, makes a request to the publicly routable address 131.34.39.100:80, the router translates the source IP and port to the network's public IP and a new source port chosen by the router. To understand this, remember that when a computer makes a TCP or UDP request, it sends from its own IP on a random source port to a destination with its own IP and port. The destination port is usually 80 or 443, but can also be 3306 (MySQL), 5432 (PostgreSQL), 22 (SSH), 53 (DNS), etc.

Source IP:Port     Translated IP:Port     Destination IP:Port
10.0.0.2:1030      203.0.113.1:10001      131.34.39.100:80
10.0.0.3:1035      203.0.113.1:10002      131.34.39.100:80
10.0.0.4:1030      203.0.113.1:10003      50.23.101.54:443
10.0.0.2:1030      203.0.113.1:10004      39.68.30.14:80
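The following simulation, added here and not code from the original article, models the two translation tables this section describes: a dynamic NAT pool that drops requests once its public addresses are all in use, and a Port NAT router that gives each flow its own (public IP, port) pair and uses that table to map replies back to the inside host. The flows are the four rows of the table above; the pool contents (reusing two public addresses from the static NAT table) and the first translated port (10001) are assumptions chosen to reproduce the tables.

```python
"""Simulation of dynamic NAT (small public pool) and Port NAT (one public IP).

Added example, not code from the original article. Addresses follow the
article's tables; pool contents and the starting public port are assumed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One packet's addressing as the router sees it."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class DynamicNAT:
    """One public IP per active inside host; requests are dropped when the pool is empty."""

    def __init__(self, pool):
        self.free = list(pool)   # public addresses not currently assigned
        self.table = {}          # private IP -> public IP in use

    def translate(self, flow):
        public = self.table.get(flow.src_ip)
        if public is None:
            if not self.free:
                return None      # pool exhausted: the router drops the request
            public = self.free.pop(0)
            self.table[flow.src_ip] = public
        return Flow(public, flow.src_port, flow.dst_ip, flow.dst_port)

    def release(self, private_ip):
        """Return a host's public address to the pool once it goes idle."""
        self.free.append(self.table.pop(private_ip))


class PortNAT:
    """Many inside hosts share one public IP; each flow gets a unique public port."""

    def __init__(self, public_ip, first_port=10001, last_port=65535):
        self.public_ip = public_ip
        self.next_port = first_port
        self.last_port = last_port
        self.outbound = {}   # (src_ip, src_port, dst_ip, dst_port) -> public port
        self.inbound = {}    # (public port, dst_ip, dst_port) -> (src_ip, src_port)

    def translate(self, flow):
        key = (flow.src_ip, flow.src_port, flow.dst_ip, flow.dst_port)
        port = self.outbound.get(key)
        if port is None:
            if self.next_port > self.last_port:
                return None  # port space exhausted
            port, self.next_port = self.next_port, self.next_port + 1
            self.outbound[key] = port
            self.inbound[(port, flow.dst_ip, flow.dst_port)] = (flow.src_ip, flow.src_port)
        return Flow(self.public_ip, port, flow.dst_ip, flow.dst_port)

    def untranslate(self, reply):
        """Map a reply sent to public_ip:port back to the inside host.

        Returns None when no inside host opened a matching flow, so an
        unsolicited inbound packet has no entry and is dropped.
        """
        entry = self.inbound.get((reply.dst_port, reply.src_ip, reply.src_port))
        if entry is None:
            return None
        src_ip, src_port = entry
        return Flow(reply.src_ip, reply.src_port, src_ip, src_port)


# The four requests from the Port NAT table above (constructed from the text).
TABLE_FLOWS = [
    Flow("10.0.0.2", 1030, "131.34.39.100", 80),
    Flow("10.0.0.3", 1035, "131.34.39.100", 80),
    Flow("10.0.0.4", 1030, "50.23.101.54", 443),
    Flow("10.0.0.2", 1030, "39.68.30.14", 80),
]


def build_pat_table(public_ip="203.0.113.1"):
    """Push TABLE_FLOWS through one PortNAT; returns (router, [(private, translated)])."""
    nat = PortNAT(public_ip)
    return nat, [(flow, nat.translate(flow)) for flow in TABLE_FLOWS]


def dynamic_pool_demo(pool=("65.43.50.90", "65.43.59.91")):
    """Three hosts contend for a two-address pool; the third gets None until one releases."""
    nat = DynamicNAT(pool)
    results = [nat.translate(f) for f in TABLE_FLOWS[:3]]
    nat.release("10.0.0.2")
    results.append(nat.translate(TABLE_FLOWS[2]))
    return results


if __name__ == "__main__":
    nat, rows = build_pat_table()
    for private, public in rows:
        print(f"{private.src_ip}:{private.src_port} -> {public.src_ip}:{public.src_port}"
              f" -> {private.dst_ip}:{private.dst_port}")
    print("reply:", nat.untranslate(Flow("131.34.39.100", 80, "203.0.113.1", 10001)))
    print("unsolicited:", nat.untranslate(Flow("198.51.100.9", 4444, "203.0.113.1", 10001)))
    print("dynamic pool:", dynamic_pool_demo())
```

The `untranslate` path is the part worth studying: a packet arriving at 203.0.113.1:10001 is only forwarded inside if its source matches the (server IP, server port) recorded when the flow went out, so an unrelated host sending to that same public port gets nothing. That is why hosts behind Port NAT are unreachable by default; it is also not a substitute for a firewall, since anything an inside host initiates is allowed back in.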

The diagram below shows a network topology with Port NAT configured to handle IP address and port mapping.

How to Implement Static NAT on Cisco Packet Tracer

You can implement static NAT on Cisco Packet Tracer by first defining a network topology with two different networks connected by a serial cable. The serial cable stands in for the long stretch of internet between the two separate networks. In the static NAT scenario, you will use the IP nat