05-25-2008 07:24 AM - edited 03-05-2019 11:12 PM
Hi all,
An organization has one router that is its border with the outside
world. The gateway router is connected to three internal routers.
Only the internal routers have feeds to hosts.
NAT needs to be implemented and all the hosts need to be put into
a private address space.
The question is whether one should implement NAT on the gateway
router, or implement NAT once on each interior router.
What is the "correct" answer?
thanks
05-25-2008 08:39 AM
Hi Mahesh18,
My opinion is to perform NAT on your 3 internal routers and configure a routing protocol between your internal and border routers.
In this way, the border router will free itself from processes related to network address translation.
Please rate if it helps.
Thanks,
Deejay
05-25-2008 05:48 PM
NAT should be done on the internal routers themselves, as that's the initial point of contact for the hosts carrying private IPs to move out into the clouds. These internal routers can then use either some dynamic routing protocol to exchange routes between themselves & the border router or, better, can make use of a simple default route to the border one.
This will relieve the border router of unwarranted checks and NAT tables. The NAT table works better if it's near the emanating traffic for outgoing ones.
Rate if this helps!!!
05-26-2008 07:53 AM
Hi, thanks for the great help.
05-26-2008 11:13 AM
You would do NAT overload (PAT) at the network edge (on the gateway router). All internal interfaces including the outside interfaces of the three internal routers would have private addresses.
All NAT/PAT configuration would be consolidated on the single device. This is also where you would establish static NAT translations for public access to inside servers (if any).
You would likely choose to use a dynamic routing protocol between the gateway router and the three internal routers to facilitate communication between the three innermost LANs.
05-26-2008 11:33 AM
Hi Michael, thanks for the reply.
So NAT overloading is used as we have more private IP addresses as compared to public IP addresses?
05-26-2008 11:54 AM
Think in terms of one-to-one, many-to-one, dynamic, and static translations.
PAT is a many-to-one translation. It is often used when you only have one "inside global address" (i.e.: one global IP representing multiple inside hosts).
However, when more than one global IP is available, PAT can co-exist with other translations as well.
NAT can be used to do a static one-to-one translation where one specific private IP is mapped to one specific global IP.
NAT can be used to do dynamic one-to-one translations where a private IP is mapped "temporarily" to a global IP from a pool, and then relinquished when no longer needed, to be used by another host.
You could do static one-to-one for some of your hosts, and dynamic one-to-one for the remaining hosts (using a pool), or alternatively, many-to-one using PAT.
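The three translation types described in the replies above, consolidated on the gateway router, as an added example that is not part of the original thread. Interface names, the private ranges, ACL numbers, the pool name, and the 203.0.113.0/24 documentation addresses are all constructed for illustration.

```cisco
! Gateway (border) router: every NAT rule lives on this one device.
! All addresses, names and numbers below are constructed sample values.
interface GigabitEthernet0/0
 description Outside, toward the ISP
 ip address 203.0.113.2 255.255.255.0
 ip nat outside
!
interface GigabitEthernet0/1
 description Inside, link to internal router 1 (private addressing)
 ip address 10.0.1.1 255.255.255.252
 ip nat inside
!
interface GigabitEthernet0/2
 description Inside, link to internal router 2 (private addressing)
 ip address 10.0.2.1 255.255.255.252
 ip nat inside
!
interface GigabitEthernet0/3
 description Inside, link to internal router 3 (private addressing)
 ip address 10.0.3.1 255.255.255.252
 ip nat inside
!
! Static one-to-one: an inside server is always reachable at one fixed
! global address. This is the only rule that admits unsolicited inbound
! traffic, so pair it with an inbound ACL on the outside interface.
ip nat inside source static 10.1.10.5 203.0.113.10
!
! Dynamic one-to-one: hosts in 10.1.20.0/24 borrow a global address from
! the pool and release it when the translation times out.
ip nat pool DYN-POOL 203.0.113.20 203.0.113.30 netmask 255.255.255.0
access-list 10 permit 10.1.20.0 0.0.0.255
ip nat inside source list 10 pool DYN-POOL
!
! Many-to-one (PAT): the remaining LANs share the outside interface
! address and are told apart by translated source port.
access-list 20 permit 10.2.0.0 0.0.255.255
access-list 20 permit 10.3.0.0 0.0.255.255
ip nat inside source list 20 interface GigabitEthernet0/0 overload
```

`show ip nat translations` and `show ip nat statistics` on the gateway router then list the active entries for all three rule types in one place.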
05-26-2008 12:29 PM
Thanks for the help again.
05-26-2008 12:32 PM
You're welcome.