Exam NAT question

May 25th, 2008

Hi all,

An organization has one router that is its border with the outside world. The gateway router is connected to three internal routers. Only the internal routers have feeds to hosts.

NAT needs to be implemented and all the hosts need to be put into a private address space.

The question is whether one should implement NAT on the gateway router, or implement NAT once on each interior router.

What is the "correct" answer?


joseph.derrick Sun, 05/25/2008 - 08:39

Hi Mahesh18,

My opinion is to perform NAT on your 3 internal routers and configure a routing protocol between your internal and border routers.

In this way, the border router will free itself from processes related to network address translation.

Please rate if it helps.



foxbatreco Sun, 05/25/2008 - 17:48

NAT should be done on the internal routers themselves, as that's the initial point of contact for the hosts carrying private IPs to move out into the clouds. These internal routers can then use either some dynamic routing protocol to exchange routes between themselves & the border router, or better, can make use of a simple default route to the border one.

This will relieve the border router of unwarranted checks and NAT tables. The NAT table works better if it's near to the emanating traffic for outgoing ones.

Rate if this helps!!!

michael.leblanc Mon, 05/26/2008 - 11:13

You would do NAT overload (PAT) at the network edge (on the gateway router). All internal interfaces including the outside interfaces of the three internal routers would have private addresses.

All NAT/PAT configuration would be consolidated on the single device. This is also where you would establish static NAT translations for public access to inside servers (if any).

You would likely choose to use a dynamic routing protocol between the gateway router and the three internal routers to facilitate communication between the three innermost LANs.

mahesh18 Mon, 05/26/2008 - 11:33

Hi Michael, thanks for the reply.

So NAT overloading is used as we have more private IP addresses as compared to public IP.


michael.leblanc Mon, 05/26/2008 - 11:54

Think in terms of one-to-one, many-to-one, dynamic, and static translations.

PAT is a many-to-one translation. It is often used when you only have one "inside global address" (i.e.: one global IP representing multiple inside hosts).

However, when more than one global IP is available, PAT can co-exist with other translations as well.

NAT can be used to do a static one-to-one translation where one specific private IP is mapped to one specific global IP.

NAT can be used to do dynamic one-to-one translations where a private IP is mapped "temporarily" to a global IP from a pool, and then relinquished when no longer needed, to be used by another host.

You could do static one-to-one for some of your hosts, and dynamic one-to-one for the remaining hosts (using a pool), or alternatively, many-to-one using PAT.
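
The translation types discussed in this thread (static one-to-one, dynamic one-to-one from a pool, and many-to-one PAT), modelled as a small translation table. This is an added example, not part of the original discussion and not router code; the `NatTable` class, the addresses (RFC 1918 inside, 203.0.113.0/24 outside) and the static-then-pool-then-PAT precedence are assumptions made for illustration.

```python
import ipaddress


class NatTable:
    """Toy model of inside-source translation; not how any router implements it."""

    def __init__(self, static=None, pool=(), pat_address=None, first_port=1024):
        self.static = dict(static or {})  # private IP -> fixed global IP (static one-to-one)
        self.free = list(pool)            # unleased global IPs (dynamic one-to-one)
        self.dynamic = {}                 # private IP -> leased global IP
        self.pat_address = pat_address    # one global IP shared by many hosts (PAT)
        self.pat = {}                     # (private IP, source port) -> global port
        self.next_port = first_port

    def translate(self, src_ip, src_port):
        """Return (global_ip, global_port, kind) for an outbound flow."""
        if not ipaddress.ip_address(src_ip).is_private:
            raise ValueError(f"{src_ip} is not a private inside address")
        if src_ip in self.static:
            return self.static[src_ip], src_port, "static"
        if src_ip not in self.dynamic and self.free:
            self.dynamic[src_ip] = self.free.pop(0)  # lease an address from the pool
        if src_ip in self.dynamic:
            return self.dynamic[src_ip], src_port, "dynamic"
        if self.pat_address is None:
            raise RuntimeError("pool exhausted and no PAT address configured")
        key = (src_ip, src_port)
        if key not in self.pat:
            if self.next_port > 65535:
                raise RuntimeError("PAT port range exhausted")
            self.pat[key] = self.next_port
            self.next_port += 1
        return self.pat_address, self.pat[key], "pat"

    def release(self, src_ip):
        """Give a host's leased global IP back to the pool for another host."""
        self.free.append(self.dynamic.pop(src_ip))


def demo():
    # Constructed sample: one server, two pool addresses, four other hosts' flows.
    nat = NatTable(static={"10.1.1.10": "203.0.113.10"},
                   pool=["203.0.113.20", "203.0.113.21"],
                   pat_address="203.0.113.2")
    flows = [("10.1.1.10", 443), ("10.2.1.5", 50000), ("10.3.1.5", 50000),
             ("10.1.1.77", 50000), ("10.2.1.99", 50000)]
    return [nat.translate(ip, port) for ip, port in flows]
```

With only two pool addresses, the third non-static host no longer gets a one-to-one mapping and is multiplexed onto the shared PAT address by port, which is the many-to-one case.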

