CCNA Tutorial – What You Need To Know About NAT And Routing
by abpalancajr on
in ccna tutorial
This is a CCNA tutorial on how Cisco NAT (network address translation) works. I wrote previously about how to use the proper NAT Cisco IOS Commands. This article will provide more detail on the NAT order of operations and routing.
One important point of NAT which is not mentioned in many CCNA tutorials and CCNA books is the NAT order of operations. Cisco has written a document about the NAT order of operation which can be intimidating to read for the new network engineer or CCNA candidate. Strictly speaking, you might not need to have this knowledge for the CCNA test, however, this is very useful to know for any practical implementation of NAT, and it’s definitely something within the CCNA level of knowledge. Read this CCNA tutorial well and you’ll be able to improve your practical NAT knowledge.
The translation is done whenever the packet traveses the router from the NAT inside interface to the NAT outside interface, or the other way round from the NAT outside interface to the NAT inside interface. In many NAT implementations, there is no dynamic routing configured due to security restrictions in the network DMZ or at the network edge. In this case, how would you know which routes you need to configure for the NAT to operate smoothly? Do you need to have routing to the untranslated or translated address? This is a source of confusion to many network engineers new to networking and the topic I will focus on for this CCNA tutorial.
Network Address Translation - Outgoing Packet
NAT Inside To Outside
For packets going from the NAT inside to the NAT outside interface (local to global translation), when you check the Cisco order of operations guide, you will find that routing occurs before translation. In this case, you’ll need a route for the untranslated network or address (in the above diagram, 196.168.100.1). This can be added statically if no dynamic routing protocol is configured.
Network Address Translation - Incoming Packet
NAT Outside To Inside
For packets going from the NAT outside to the NAT inside interface (global to local translation), routing occurs only after translation. In this case, you’ll need a route to the post-translation address (in this case 192.168.1.1), NOT the global address as you might expect.
There are other aspects of the NAT order of operation that affect the NAT configuration but by far the routing is the most important to have a functional NAT configuration. Some other parts of the NAT process such as when the ACLs are checked are also important, and I’ll cover this in an article sometime in future.
I hope this CCNA tutorial has helped improve your knowledge of NAT for the CCNA and beyond.
P.S. Become a fan of SavvyNetCert on FaceBook now. Click here to see our FaceBook page.
Cheers,
Francis (@savvynetcert)
