Overloading Inside Global Addresses

You can conserve addresses in the inside global address pool by enabling the router to use one
global address for many local addresses. When NAT overloading is enabled, the router keeps
higher-layer (layer 4) information in the NAT table, namely the TCP and UDP port numbers of
each translated flow, so that it can map the global address back to the correct inside local
address. When multiple local addresses map to one global address, NAT assigns each inside
host's connection its own port number on the global address, producing unique, distinguishable
address-and-port pairs on the outside network.
Figure 31.3 shows the NAT operation when one inside global address represents multiple
inside local addresses. The IP address alone is the same for both flows; it is the TCP port
number paired with that global address that differentiates the two inside local addresses.
When the router translates multiple nonroutable inside IP addresses to one globally routable
IP address, it performs the following steps to overload the inside global address:
1. The host at the inside IP address of 10.1.2.25 opens a connection to a host at IP address
205.1.1.25 on an outside network.
FIGURE 31.3 NAT overloading inside global addresses
(Figure: hosts 10.1.2.25 and 10.1.2.26 send Internet data to 205.1.1.25 and 130.77.116.4 through
the NAT border router, which sources both flows from 200.1.2.26; the replies come back to
200.1.2.26:1723 and 200.1.2.26:1024 respectively.)
NAT table:
Inside local IP address & port   Inside global IP address & port   Outside global IP address & port
10.1.2.25:1723                   200.1.2.26:1723                   205.1.1.25:80
10.1.2.26:1723                   200.1.2.26:1024                   130.77.116.4:80
2. The first packet that the NAT border router receives from the host at 10.1.2.25 causes the
router to check its NAT table. Because no translation entry exists, the router determines
that address 10.1.2.25 must be translated and configures a translation to the inside global
address of 200.1.2.26. If overloading is enabled and another translation is already active, the
router reuses the global IP address from that translation and saves enough information (the
inside local, inside global, and outside global address-and-port pairs) to translate returning
packets back. This type of entry is called an extended entry.
3. The router replaces the inside local source address of 10.1.2.25 with the selected globally
routable address and a port number that is unique on that address, then forwards the packet.
In this example, the host's own source port 1723 was not yet in use on 200.1.2.26, so the
translated source address is shown as 200.1.2.26:1723 in the NAT table. When the second
host, 10.1.2.26, later uses the same source port 1723, the router must pick a different port,
which is why its entry appears as 200.1.2.26:1024.
4. The host at 205.1.1.25 receives the packet and responds to the host at 10.1.2.25 by using
the inside global IP address and port in the source address field of the packet received
(200.1.2.26:1723).
5. The NAT border router receives the packet from 205.1.1.25. It then performs a NAT
table lookup keyed on the inside global address and port (200.1.2.26:1723) together with the
outside address and port (205.1.1.25:80). The matching extended entry tells the router to
translate the destination address back to 10.1.2.25:1723, and it forwards the packet to the
host at 10.1.2.25 on the inside network. A packet arriving for 200.1.2.26 that matches no
entry has no inside host to go to and is dropped.
Steps 2 through 5 are continued for all subsequent communications until the connection
is closed.
Both the host at IP address 205.1.1.25 and the host at IP address 130.77.116.4 think they are
talking to a single host at IP address 200.1.2.26. They are actually talking to different hosts,
with the port number being the difference that the NAT border router uses to forward the packets
to the correct host on the local inside network. In fact, with this port addressing scheme, you
could allow approximately 4,000 hosts to share the same inside global IP address by using
the many available TCP and UDP port numbers. The 4,000 figure is a practical estimate, not a
hard limit: each transport protocol has 65,535 port numbers on the global address, but every
host typically holds several connections open at once, each consuming its own port.
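The following is an added example, not code from the original text, that models the five-step procedure and the port-sharing summary above. It replays Figure 31.3 with constructed packets: the router keeps the first host's source port 1723 on 200.1.2.26, moves the second host's 1723 to 1024 because that global port is taken, and uses the extended entry (inside global port plus outside address and port) to return replies, dropping inbound packets that match no entry. The allocation rule (keep the original port when free, otherwise take the lowest free port from 1024 upward) and the per-protocol port space are assumptions chosen to reproduce the figure, not a statement of any particular vendor's algorithm.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Endpoint = Tuple[str, int]  # (ip_address, port)


@dataclass(frozen=True)
class Packet:
    proto: str  # "tcp" or "udp"
    src: Endpoint
    dst: Endpoint


@dataclass
class Translation:
    """One extended NAT entry: the three columns of the NAT table in Figure 31.3."""
    inside_local: Endpoint
    inside_global: Endpoint
    outside_global: Endpoint


class PatRouter:
    """Toy NAT border router overloading a single inside global address (assumed model)."""

    def __init__(self, inside_global_ip: str, ephemeral_start: int = 1024):
        self.inside_global_ip = inside_global_ip
        self.ephemeral_start = ephemeral_start
        # Outbound lookup: (proto, inside local ip, port, outside ip, port) -> global port
        self._by_flow: Dict[Tuple[str, str, int, str, int], int] = {}
        # Inbound lookup: (proto, global port) -> extended entry; TCP and UDP are separate spaces
        self._by_global_port: Dict[Tuple[str, int], Translation] = {}

    def _pick_global_port(self, proto: str, wanted: int) -> int:
        # Keep the host's own source port if nothing else uses it on this global address
        # (10.1.2.25:1723 -> 200.1.2.26:1723 in the figure) ...
        if (proto, wanted) not in self._by_global_port:
            return wanted
        # ... otherwise take the lowest free port from the ephemeral range, so the second
        # host's 1723 becomes 200.1.2.26:1024 as in the figure (assumed allocation rule).
        for port in range(self.ephemeral_start, 65536):
            if (proto, port) not in self._by_global_port:
                return port
        raise RuntimeError(f"{proto} port space exhausted on {self.inside_global_ip}")

    def outbound(self, pkt: Packet) -> Packet:
        """Steps 2-3: create or reuse the extended entry and rewrite the source address."""
        flow = (pkt.proto, pkt.src[0], pkt.src[1], pkt.dst[0], pkt.dst[1])
        gport = self._by_flow.get(flow)
        if gport is None:
            gport = self._pick_global_port(pkt.proto, pkt.src[1])
            entry = Translation(pkt.src, (self.inside_global_ip, gport), pkt.dst)
            self._by_flow[flow] = gport
            self._by_global_port[(pkt.proto, gport)] = entry
        return Packet(pkt.proto, (self.inside_global_ip, gport), pkt.dst)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Step 5: look up global port plus outside address/port; None means drop."""
        entry = self._by_global_port.get((pkt.proto, pkt.dst[1]))
        if pkt.dst[0] != self.inside_global_ip or entry is None:
            return None
        if entry.outside_global != pkt.src:
            return None  # entry belongs to a different outside peer: unsolicited, drop
        return Packet(pkt.proto, pkt.src, entry.inside_local)

    def nat_table(self) -> List[Translation]:
        return list(self._by_global_port.values())


def run_figure_scenario() -> dict:
    """Replays Figure 31.3 with constructed packets and returns the observable results."""
    nat = PatRouter("200.1.2.26")
    out_a = nat.outbound(Packet("tcp", ("10.1.2.25", 1723), ("205.1.1.25", 80)))
    out_b = nat.outbound(Packet("tcp", ("10.1.2.26", 1723), ("130.77.116.4", 80)))
    reply_a = nat.inbound(Packet("tcp", ("205.1.1.25", 80), out_a.src))
    reply_b = nat.inbound(Packet("tcp", ("130.77.116.4", 80), out_b.src))
    # Unsolicited packet: no inside host opened a flow to this peer (constructed address).
    stray = nat.inbound(Packet("tcp", ("198.51.100.9", 80), ("200.1.2.26", 1723)))
    # Same global port but UDP: separate port space, so no entry exists.
    udp_stray = nat.inbound(Packet("udp", ("205.1.1.25", 80), ("200.1.2.26", 1723)))
    return {
        "out_a": out_a.src, "out_b": out_b.src,
        "reply_a": reply_a.dst if reply_a else None,
        "reply_b": reply_b.dst if reply_b else None,
        "stray": stray, "udp_stray": udp_stray,
        "table_rows": len(nat.nat_table()),
    }


if __name__ == "__main__":
    for name, value in run_figure_scenario().items():
        print(f"{name}: {value}")
```

The two stray packets show why the extended entry matters from a security standpoint: the outside address and port saved in step 2 are what let the router refuse traffic to a global port from a peer the inside host never contacted. That check is all the filtering overloading provides; it is state tracking for translation, not a firewall policy.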