|
Table Of Contents
Port Address Translation (PAT)
Number of Translations per NAT
Product Bulletin No. 792
Cisco IOS Network Address Translation (NAT)
Packaging UpdateThis Product Bulletin provides an overview of packaging information and platform support for Cisco IOS® Network Address Translation (NAT) and Easy IP functionality.
NAT Description
In its simplest configuration, Network Address Translation (NAT), initially described in RFC 1631, operates on a router connecting two networks together. Each of these networks can use for its addressing plan globally unique addresses, private addresses (RFC1918), or addresses that have been officially assigned to some other organization. One of these networks is designated as "inside," while the other as "outside." One of these networks is addressed with addresses that must be translated before packets are forwarded onto the other network. NAT can also be performed bi-directionally, translating both the source and destination addresses in some situations.
Both static and dynamic address translations are supported by Cisco IOS NAT, alone or in conjunction with one another. Static address translations are those in which an administrator explicitly maps an external address to an internal address. Dynamic translations are those in which a pool is allocated and each new IP address to be translated is dynamically mapped to another IP address from the pool in a round-robin fashion. Static translations are generally used to allow access to a particular device through the NAT. For example, if a network has an internal DNS server which needs to communicate with an external DNS server, one would configure a static translation to enable such connectivity. The NAT thus allows traffic to be passed between these statically known, but translated address. Please note that addresses used in static translations must explicitly be omitted from the dynamic translation pool. An IP packet traversing a NAT can have both its source and destination addresses translated by the NAT.
Port Address Translation (PAT)
Several internal addresses can be NATed to only one or a few external addresses by using a feature called "overload," which is also referred to as Port Address Translation (PAT). A subset of NAT functionality, PAT is used to map internal addresses to 1 or more external addresses. PAT uses unique port numbers on the outside IP address to distinguish between the various translations. Because the port number is encoded in 16 bits, the total number could theoretically be as high as 65,536. PAT will attempt to preserve the original source port, if this source port is already allocated PAT will attempt to find the first available port number from the appropriate port group 0-511, 512-1023 or 1024-65535.
Note:
•
•
Number of Translations per NAT
The number of simultaneous NAT translations supported on a given platform is bounded by the amount of available DRAM in the router. Each NAT translation consumes about 220 bytes of memory. When using the overload function, each time a different stream, identified by an IP address, protocol, and TCP or UDP port number, passes through the NAT router, a new entry is created in the table. If traditional address translation is being utilized, each IP address matches to only one IP address and creates a single table entry. Depending upon the administrator's individual situation, one or the other translation type will be best for their particular translation solution.
Easy IP Overview
With Cisco IOS Easy IP, router configuration tasks are minimized: simply plug-in the router, configure the dialup number for a central access server, and connect the LAN devices to the router. With Cisco IOS Easy IP, a Cisco router automatically assigns local IP addresses to SOHO hosts via the Dynamic Host Configuration Protocol (DHCP), automatically negotiates its own registered IP address from a central server via the Point-to-Point Protocol/Internet Control Protocol (PPP/IPCP), and enables all SOHO hosts to access the global Internet using a single registered IP address. Because Cisco IOS Easy IP utilizes existing port-level multiplexed Network Address Translation (NAT) functionality within Cisco IOS software, IP addresses on the remote LAN are invisible to the Internet, the remote LAN more secure.
With Cisco IOS Easy IP, client IP addresses are transparently configured via DHCP each time they power up on the network. Cisco IOS Easy IP enables ISPs to allocate a single registered IP address to each remote LAN such that any host on the LAN can access the Internet. It allows ISPs to maximize their customer bases while minimizing the required number of registered IP addresses. This feature simplifies and reduces costs associated with global IP address management tasks for ISPs and their customers. Because only a single registered IP address is required to support all users on an entire remote LAN, customers and ISPs can use their registered IP addresses more efficiently. Cisco IOS Easy IP also reduces management tasks and costs associated with VLSM-based addressing for each remote LAN.
Cisco IOS Easy IP is a combination of the following technologies:
•
•
•
Packaging and Availability
Cisco IOS Easy IP is available in a two-phase packaging strategy:
Cisco IOS Easy IP Phase 1: Includes PAT and PPP/IPCP negotiation capabilities and assumes that all SOHO LAN hosts have statically configured IP addresses.
Cisco IOS Easy IP Phase 2: Adds the Cisco IOS DHCP Server capability and enables the Cisco IOS Easy IP router to dynamically allocate IP addresses to the remote LAN hosts via DHCP.
NAT Packaging Summary
Cisco Feature Navigator provides customers with a tool to identify which release and platform any Cisco IOS feature is available on. Please refer to the following URL and follow the instructions provided:
For historical purposes:
•
•
•
Cisco Feature Navigator should be first place you go to resolve feature to platform to software packaging questions
http://www.cisco.com/pcgi-bin/Support/FeatureNav/FN.pl
No NAT functionality is available on uBR7200 in Service Provider (-p) software image. DHCP Server functionality is available on uBR7200 in the Service Provider (-p) software image.
On Cisco 2500, 2600, 3620, 3640, 4x00, Cisco AS5200, AS5300, AS5800, Catalyst® 5000 RSM, Cisco 7200, Cisco RSP7000, Cisco 7500, and MGX 8800 RPM platforms in Enterprise (-j) images beginning in 12.0(1) and 12.0(1)T
On Cisco 3800 Series in Enterprise (-j) images beginning in 12.0(3)T
In Cisco IOS Firewall images for Cisco 1600 and 2500 platforms beginning in 12.0(3) & 12.0(3)T, and Cisco 1700, 2600, 3600, and 7200 platforms beginning with 12.0(3)T
1NAT and DHCP Server functionality are only available on the uBR7200 platform in the Service Provider Plus (-ps) software image beginning in 12.0(3)T.
For all platforms, NAT with support for Microsoft's NetMeeting application requires either a `J' or an `O' image, enterprise feature set or Cisco IOS Firewall feature set respectively.
Release 12.0/12.0T NAT Packaging on Cisco 10000 Series Platforms
NAT functionality is provided only in Cisco 1000 Plus images in releases 12.0 and 12.0T. PAT-only functionality is available in all base images for Cisco 1000 series platforms. Customers must purchase a "Plus" image in order to obtain NAT functionality for Cisco 1000 series when using releases 12.0 or 12.0T.12.0T NAT/Cisco IOS DHCP Server Packaging on Cisco MGX8800 RPM Platform:
Cisco IOS NAT functionality is not available on this platform. Cisco IOS DHCP Server functionality is supported in the Cisco MGX8800 RPM Service Provider (-p) software image.
Definitions
Easy IP Phase 1: Includes PAT Only or NAT and PPP/IPCP WAN interface address negotiation functionality.
Easy IP Phase 2: Includes PAT Only or NAT, PPP/IPCP WAN dynamic interface address negotiation functionality, and Cisco IOS DHCP Server functionality.
Posted: Mon Apr 10 09:57:30 PDT 2006
All contents are Copyright © 1992--2006 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.
