Network Address Translation (NAT) provides a mechanism for a privately
addressed network to access registered networks, such as the Internet, without
requiring a registered subnet address. This mechanism eliminates the need for
host renumbering and allows the same IP address range to be used in multiple
NAT is configured on the router at the border of an inside network (a network
that uses nonregistered IP addresses) and an outside network (a network that
uses a globally unique IP
address; in this case, the Internet). NAT translates the inside local addresses
(the nonregistered IP addresses assigned to hosts on the inside network) into
globally unique IP addresses before sending packets to the outside network.
With NAT, the inside network continues to use its existing private or
obsolete addresses. These addresses are converted into legal addresses before
packets are forwarded onto the outside network. The translation function is
compatible with standard routing; the feature is required only on the router
connecting the inside network to the outside domain.
Translations can be static or dynamic. A static address translation
establishes a one-to-one mapping between the inside network and the outside
domain. Dynamic address translations are defined by describing the local
addresses to be translated and the pool of addresses from which to allocate
outside addresses. Allocation occurs in numeric order, and multiple pools of
contiguous address blocks can be defined.
NAT eliminates the need to readdress all hosts that require external
access, saving time and money. It also conserves addresses through application
port-level multiplexing. With NAT, internal hosts can share a single registered
IP address for all external communications. In this type of configuration,
relatively few external addresses are required to support many internal hosts,
thus conserving IP addresses.
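
The three behaviors described above (static one-to-one mapping, dynamic allocation from pools in numeric order, and port-level multiplexing onto one shared address) are modeled in the following added example, which is not part of the original documentation and is not router code. Assumptions: the `Nat` class and its methods are hypothetical names, all addresses are constructed samples, the pools are merged into one sorted free list, and falling back to the shared address once the pools are exhausted is a modeling choice.

```python
import ipaddress

ip = ipaddress.IPv4Address

class Nat:
    """Simplified inside-source NAT table (a model, not a router implementation)."""

    def __init__(self, static, pools, shared_ip):
        self.static = {ip(l): ip(g) for l, g in static.items()}  # fixed one-to-one entries
        # Each pool is a contiguous (first, last) block; free addresses stay in numeric order.
        self.free = sorted(ip(n) for a, b in pools for n in range(int(ip(a)), int(ip(b)) + 1))
        self.dynamic = {}               # inside local -> global, allocated on first use
        self.shared_ip = ip(shared_ip)  # single registered address shared by many hosts
        self.ports = {}                 # (inside local, local port) -> port on shared_ip
        self.next_port = 1024           # constructed starting port for multiplexed flows

    def translate(self, local, port):
        """Return the (global address, port) that the outside network sees."""
        local = ip(local)
        if local in self.static:
            return self.static[local], port
        if local not in self.dynamic and self.free:
            self.dynamic[local] = self.free.pop(0)  # lowest free address first
        if local in self.dynamic:
            return self.dynamic[local], port
        # Pools exhausted: multiplex this flow onto the shared address by port.
        key = (local, port)
        if key not in self.ports:
            self.ports[key] = self.next_port
            self.next_port += 1
        return self.shared_ip, self.ports[key]

    def inside_host(self, global_ip, port):
        """Reverse lookup: which inside host is behind this outside-visible address and port?"""
        global_ip = ip(global_ip)
        for local, g in {**self.static, **self.dynamic}.items():
            if g == global_ip:
                return local
        for (local, _), p in self.ports.items():
            if global_ip == self.shared_ip and p == port:
                return local
        return None

def demo():
    # Constructed sample: one static entry, two pools, one shared address.
    nat = Nat({"10.0.0.5": "203.0.113.5"},
              [("203.0.113.20", "203.0.113.21"), ("203.0.113.10", "203.0.113.10")], "203.0.113.1")
    hosts = ["10.0.0.5", "10.0.0.7", "10.0.0.8", "10.0.0.9", "10.0.0.11", "10.0.0.12"]
    return nat, [(str(g), p) for g, p in (nat.translate(h, 40000) for h in hosts)]
```

With a shared address, the outside-visible address alone no longer identifies an inside host; the reverse lookup needs the translated port as well, which is why translation records must include ports to attribute traffic.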
Because the addressing scheme on the inside network may conflict with
registered addresses already assigned within the Internet, NAT can support a
separate address pool for overlapping networks and translate as appropriate.