How NAT Works

NAT is configured on the router or route processor closest to the border of a stub domain
(a LAN that uses IP addresses—either registered or unregistered for internal use) between
the inside network (local network) and the outside network (public network such as an ISP
or the Internet). The outside network can also be another company, such as when two networks
merge after an acquisition.
An illustration of NAT is shown in Figure 31.1. You should note that the router separates
the inside and outside networks. NAT translates the inside local addresses into the globally
unique inside global IP address, enabling data to flow into the outside network.
FIGURE 31.1  The NAT router on the border of an inside network and an outside network
such as the Internet
[Figure label: NAT border router]
NAT takes advantage of the fact that relatively few network users are using the outside
network at any given time. It does this by using process switching to change the source
address on outbound packets, directing them to the appropriate router. As a result, fewer IP
addresses are needed than there are hosts in the inside network. Before the implementation of NAT on
all Cisco enterprise routers, the only way to implement these features was to use pass-through
firewall gateways.
NAT was first implemented in Cisco’s IOS release 11.2 and spelled out in
RFC 1631.
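
The translation described above can be modeled as a small table that maps inside local addresses to inside global addresses drawn from a pool smaller than the number of inside hosts. This is an added example, not code from the book or from Cisco IOS; the class name, the idle timeout used to free addresses, and all addresses (RFC 1918 and RFC 5737 ranges) are assumptions made for illustration.

```python
import ipaddress

class DynamicNat:
    """Toy model of a dynamic NAT table: inside local -> inside global."""

    def __init__(self, pool, idle_timeout=60):
        self.free = [ipaddress.ip_address(a) for a in pool]  # unused inside global addresses
        self.idle_timeout = idle_timeout  # assumed aging rule, not taken from the text
        self.out = {}        # inside local -> inside global
        self.back = {}       # inside global -> inside local
        self.last_seen = {}  # inside local -> time of last outbound packet

    def expire(self, now):
        """Return the addresses of idle mappings to the pool."""
        for local in [l for l, t in self.last_seen.items() if now - t >= self.idle_timeout]:
            glob = self.out.pop(local)
            del self.back[glob], self.last_seen[local]
            self.free.append(glob)

    def outbound(self, src, dst, now):
        """Rewrite the source of an inside->outside packet; None if the pool is exhausted."""
        self.expire(now)
        src = ipaddress.ip_address(src)
        if src not in self.out:
            if not self.free:
                return None
            glob = self.free.pop(0)
            self.out[src], self.back[glob] = glob, src
        self.last_seen[src] = now
        return (str(self.out[src]), dst)

    def inbound(self, src, dst, now):
        """Rewrite the destination of an outside->inside packet; None if no mapping exists."""
        self.expire(now)
        local = self.back.get(ipaddress.ip_address(dst))
        return (src, str(local)) if local is not None else None

def demo():
    # Constructed scenario: three inside hosts share a pool of two inside global addresses.
    nat = DynamicNat(["203.0.113.10", "203.0.113.11"], idle_timeout=60)
    return [
        nat.outbound("10.0.0.1", "198.51.100.5", now=0),     # first pool address
        nat.outbound("10.0.0.2", "198.51.100.5", now=1),     # second pool address
        nat.outbound("10.0.0.3", "198.51.100.5", now=2),     # pool exhausted
        nat.inbound("198.51.100.5", "203.0.113.10", now=3),  # reply mapped back inside
        nat.outbound("10.0.0.3", "198.51.100.5", now=70),    # idle mappings were freed
    ]
```

The third host is refused while both pool addresses are in use and succeeds once the earlier mappings age out, which is why the pool can be smaller than the host count only when few hosts use the outside network at once.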