User Manual

Table Of Contents

120 40520-100a ViPR User Manual

4.8.3.3.1 NAT Overview

The purpose of the “Network Address Translation” (NAT) protocol is to hide a private IP network from a

public network. The mechanism serves both as a firewall function and to save IP address space.

Figure 32 - Basic NAT Operations

The source address of packets transiting from the private network to the public network gets translated by

the NAT enabled device. The original IP source address gets replaced by the NAT enabled device’s own

IP address (address of the outgoing interface). The NAT module creates an address translation table that

is used when traffic is coming back from the public network to the private network.

In our example Host 1 sends a packet to Host 2. The Host 2 device does not see the private IP address of

Host 1. When Host 2 sends a reply to Host 1, he uses the destination IP address 172.31.1.1, this gets

translated back to the appropriate destination IP address by the NAT enabled device.

NAT does a lot more then just translation of the IP source address. NAT does also some translation de-

pending on the IP protocol. For the UDP and TCP protocol NAT, will also translate the source port num-

bers. Special handling is also done for other more specific protocol like FTP.

Packet (1)

Source Address 172.30.1.2

Destination Address 192.168.1.2

Packet (1)

Source Address 172.31.1.2

Destination Address 172.31.1.2

172.30.1.1/24

172.31.1.1/24

NAT Enabled Device

Packet (2)

Source Address 192.168.1.2

Destination Address 172.30.1.2

Packet (2)

Source Address 172.31.1.2

Destination Address 172.31.1.1

Host 1

172.30.1.2/24

Host 2

172.31.1.2/24

Private network 172.30.1.0/24

Public network