
NAT Overview

Network Address Translation (NAT) allows multiple hosts on a private internal network to access the public external network using a small pool of NAT addresses. Only addresses from this pool are visible to the external network. Between the internal and external network, a router is configured to rewrite the source or destination addresses of IP packets passing through it.

Services Routers support four types of NAT processing: source static NAT, source dynamic NAT with Network Address Port Translation (NAPT), source dynamic NAT without NAPT, and destination static NAT.

Source Static NAT

Source static NAT translates an internal source address to a NAT address from the referenced pool on a one-to-one basis. Source static NAT is easy to implement and is useful when the available pool of addresses is equal to or greater than the number of source addresses to be translated.

In the sample source static NAT scenario shown in Figure 12, the defined prefix 192.168.1.0/24 is mapped one-to-one to the defined source address pool 121.0.1.0/24. Hence the source address 192.168.1.1 always translates to 121.0.1.1, the source address 192.168.1.2 always translates to 121.0.1.2, and so on.

Figure 12: Sample Source Static NAT


Source Dynamic NAT with NAPT

Typically, source dynamic NAT implements address translation for source traffic with Network Address Port Translation (NAPT). For each outgoing packet, the source address is replaced by a NAT address from a defined address pool, and a port is assigned to it either automatically by the NAT router or from a port pool that you define. A NAT address that is assigned to a host is used for all concurrent sessions from that host. The address is released to the pool only after all the sessions for that host expire. Because not all private hosts create sessions at the same time, they can share a few NAT addresses.

In the sample source dynamic NAT scenario shown in Figure 13, the source address 192.168.1.1 is translated to address 121.0.1.1 from the defined NAT pool, and is assigned port 20001 from the defined port pool. The NAT address 121.0.1.1 is reused for source address 192.168.1.2 with a different port, 20002.

A dynamic NAT pool with NAPT supports address ranges with a maximum of 32 addresses.
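
The behavior described above can be modeled as a binding table. The following Python sketch is an added example, not Juniper code: the class and method names are hypothetical, and it assumes a new host takes the first pool address that still has a free port and that the lowest free port is assigned first. The destination 198.51.100.7 is a constructed documentation address.

```python
import ipaddress

MAX_NAPT_POOL = 32  # limit this page states for a dynamic pool with NAPT


class NaptTable:
    """Toy model of source dynamic NAT with NAPT; not router code."""

    def __init__(self, first, last, ports):
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        count = int(hi) - int(lo) + 1
        if not 1 <= count <= MAX_NAPT_POOL:
            raise ValueError("NAPT pool must hold 1 to 32 addresses")
        self.addrs = [str(lo + i) for i in range(count)]
        self.free_ports = {a: sorted(ports) for a in self.addrs}
        self.host_addr = {}  # private host -> NAT address it is bound to
        self.sessions = {}   # (host, sport, dst, dport) -> (NAT addr, NAT port)

    def open_session(self, host, sport, dst, dport):
        key = (host, sport, dst, dport)
        if key in self.sessions:
            return self.sessions[key]
        # A host with live sessions keeps its NAT address. Assumption: a new
        # host takes the first pool address that still has a free port.
        addr = self.host_addr.get(host) or next(
            (a for a in self.addrs if self.free_ports[a]), None)
        if addr is None or not self.free_ports[addr]:
            raise RuntimeError("no NAT address/port available")
        self.host_addr[host] = addr
        self.sessions[key] = (addr, self.free_ports[addr].pop(0))
        return self.sessions[key]

    def expire(self, host, sport, dst, dport):
        addr, port = self.sessions.pop((host, sport, dst, dport))
        self.free_ports[addr] = sorted(self.free_ports[addr] + [port])
        if not any(k[0] == host for k in self.sessions):
            del self.host_addr[host]  # last session gone: binding released

    def lookup(self, nat_addr, nat_port):
        """Map an externally visible (address, port) back to the private flow."""
        hits = [k for k, m in self.sessions.items() if m == (nat_addr, nat_port)]
        return hits[0] if hits else None


def demo():
    # Constructed flows matching the Figure 13 scenario.
    nat = NaptTable("121.0.1.1", "121.0.1.2", range(20001, 20004))
    first = nat.open_session("192.168.1.1", 40000, "198.51.100.7", 443)
    second = nat.open_session("192.168.1.2", 40000, "198.51.100.7", 443)
    return nat, first, second
```

The `lookup` method shows why the session table matters operationally: once several hosts share 121.0.1.1, the port is the only thing that ties an externally observed flow back to one private host.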

Figure 13: Sample Source Dynamic NAT with NAPT


Source Dynamic NAT Without NAPT

Alternatively, a Services Router supports source dynamic NAT without NAPT. This technique, also known as oversubscribed NAT, allows NAT addresses from the referenced pool to be assigned dynamically. Dynamic assignment also lets several private hosts use a few public IP addresses, in contrast with the equal-sized pool required by source static NAT.

A dynamic NAT pool with no address port translation supports address ranges with a maximum of 65,535 addresses.

Destination Static NAT

Destination static NAT translates the destination address for external traffic to an address specified in a destination pool. The destination pool contains one address and no port configuration.

In the destination static NAT scenario shown in Figure 14, when the NAT router receives a packet with destination address 121.0.1.1, it replaces this destination address with the associated local host address 192.168.1.1. Only the address defined in the destination address pool (121.0.1.1) is visible to the external router and not the local host address (192.168.1.1).

Figure 14: Sample Destination Static NAT


