Address Translation
The current Internet Protocol standard being used is version 4 (IPv4). IPv4 addresses consist
of 32 bits, which represents approximately 4 billion individual IP addresses. This seems like
a tremendous number of addresses, but the Internet continues to grow at an incredible rate,
and with the current standard, available addresses will run out. Two solutions are being
implemented to help conserve the public address space or increase the number of available
public addresses. The first is Internet Protocol version 6 (IPv6), a total redesign of the Internet
Protocol that is still in development. The second solution is the use of RFC 1918 addressing
combined with Port Address Translation (PAT). RFC 1918 sets aside network space to be
used for private networks, and PAT provides a method for hiding literally thousands of
private addresses behind a single public address. This private address space is not accessible
via the public Internet. Static Network Address Translation (NAT) is used to create a one-to-one
relationship between public addresses and RFC 1918 addresses and allows external users
to access internal resources.
The Internet Assigned Numbers Authority (IANA) reserved the following address space for
private networks:
10.0.0.0 through 10.255.255.255: 16,777,214 hosts
172.16.0.0 through 172.31.255.255: 1,048,574 hosts
192.168.0.0 through 192.168.255.255: 65,534 hosts
RFC 1918 has had a tremendous impact on Internet addressing and the design of public and
private networks. The challenge to RFC 1918 addressing is that private addresses cannot be
publicly routed. Hence, address translation is implemented. Address translation provides not
only a method of conserving public address space, but also an additional level of protection
for internal nodes because there is no way to route to a private address from the Internet.
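The PAT and static NAT behaviour described above, as an added example that is not part of the original text or of any Cisco code: a small Python model of a PIX-style translation table that hides many RFC 1918 hosts behind one global address, keeps a one-to-one static entry for an inside server, and drops unsolicited inbound traffic that has no translation slot. It also recomputes the usable host counts listed for the three private ranges. All addresses, port numbers and the starting PAT port are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges, as listed in the text.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr):
    """True when addr falls inside one of the RFC 1918 ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def usable_hosts():
    """Usable host count per range (network and broadcast addresses excluded)."""
    return {str(net): net.num_addresses - 2 for net in RFC1918}

class Translator:
    """Toy PIX-style PAT plus static NAT table (constructed, not Cisco code)."""
    def __init__(self, global_addr, first_port=1024):
        self.global_addr = global_addr   # single public address used for PAT
        self.next_port = first_port       # next free port on global_addr (assumed)
        self.pat = {}         # (local_ip, local_port) -> global_port
        self.pat_rev = {}     # global_port -> (local_ip, local_port)
        self.static = {}      # global_ip -> local_ip (one-to-one)
        self.static_rev = {}  # local_ip -> global_ip

    def add_static(self, global_ip, local_ip):
        """Static NAT: one-to-one entry that lets outside users reach local_ip."""
        self.static[global_ip] = local_ip
        self.static_rev[local_ip] = global_ip

    def outbound(self, local_ip, local_port):
        """Inside-to-outside packet: the (global_ip, global_port) it leaves with."""
        if local_ip in self.static_rev:          # static entry keeps the port
            return (self.static_rev[local_ip], local_port)
        key = (local_ip, local_port)
        if key not in self.pat:                  # allocate a new PAT slot
            self.pat[key] = self.next_port
            self.pat_rev[self.next_port] = key
            self.next_port += 1
        return (self.global_addr, self.pat[key])

    def inbound(self, global_ip, global_port):
        """Outside-to-inside packet: (local_ip, local_port), or None if dropped."""
        if global_ip in self.static:
            return (self.static[global_ip], global_port)
        if global_ip == self.global_addr and global_port in self.pat_rev:
            return self.pat_rev[global_port]
        # No static entry and no existing slot: there is no route to a private
        # address from the outside, which is the protection the text describes.
        return None
```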
Address translation is the method used by the Cisco PIX Firewall to give internal nodes with
private IP addresses access to the Internet. The internal node addresses that are translated are
called local addresses, and the addresses they are translated to are called global
addresses. The nat and global commands are applied to specific interfaces. Most commonly, NAT
translates internal addresses to external addresses, although the PIX Firewall is
not limited to this configuration. It is possible to translate any address at one interface to
another address at any other interface. Two types of NAT can be implemented on a Cisco
Security Appliance: