Managing Cisco Network Security

In today's world of enterprise networks, one of the major problems facing IT professionals is the rapidly depleting supply of globally unique, routable IP addresses. Measures have been taken to slow the rate at which IPv4 addresses are allocated; such measures include Classless Inter-Domain Routing (CIDR), Network Address Translation (NAT), and Network Address Port Translation (NAPT, also called PAT). This chapter discusses NAT and NAPT and how they can contribute to a security policy, the implications of NAT, and the considerations that apply when implementing it.
NAT is a mechanism that translates the IP addresses carried in IP packet headers. It is commonly used today to allow a site using private IP addresses to achieve connectivity to the Internet. NAT operates on a device, usually one connecting two networks, that allows them to communicate. Typically one network uses RFC 1918 private addresses, which are translated into globally unique addresses as packets cross the device. Other scenarios in which NAT can be used are discussed later in this chapter.
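As an added illustration (not code from the book, and not how Cisco IOS implements translation), the following Python model of a NAPT translation table shows the rewriting described above: two inside hosts that happen to pick the same source port receive distinct public ports, a reply is mapped back to the correct inside host, an unsolicited inbound packet is dropped only because no translation entry exists for it, and a static translation for a published server is reachable from any outside host. All addresses, ports, the `Packet`/`NAPT` names and the table layout are assumptions constructed for this example.

```python
"""Minimal NAPT (PAT) model: one public address, many inside hosts.

Added example, not the book's or Cisco's code. Addresses and ports are
constructed sample data (RFC 1918 inside, documentation prefixes outside).
"""
import ipaddress
from dataclasses import dataclass

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip: str) -> bool:
    """True if ip falls inside one of the three RFC 1918 private blocks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class NAPT:
    """Translates many inside (private) sockets to one public address."""

    def __init__(self, public_ip: str, first_port: int = 1024):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_table = {}  # (inside_ip, inside_port, proto) -> public port
        self.in_table = {}   # (public port, proto) -> (inside_ip, inside_port)
        self.static = {}     # static entries for published servers, same key as in_table

    def add_static(self, public_port: int, inside_ip: str, inside_port: int, proto: str = "tcp"):
        self.static[(public_port, proto)] = (inside_ip, inside_port)

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite a packet leaving the inside network; create an entry on first use."""
        if not is_rfc1918(pkt.src_ip):
            return pkt  # already globally unique, nothing to translate
        key = (pkt.src_ip, pkt.src_port, pkt.proto)
        if key not in self.out_table:
            port = self._alloc_port(pkt.proto)
            self.out_table[key] = port
            self.in_table[(port, pkt.proto)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, self.out_table[key], pkt.dst_ip, pkt.dst_port, pkt.proto)

    def inbound(self, pkt: Packet):
        """Map a packet arriving from outside back to an inside host, or None if dropped."""
        if pkt.dst_ip != self.public_ip:
            return None
        key = (pkt.dst_port, pkt.proto)
        target = self.in_table.get(key) or self.static.get(key)
        if target is None:
            return None  # no translation entry: no inside host can be reached
        inside_ip, inside_port = target
        return Packet(pkt.src_ip, pkt.src_port, inside_ip, inside_port, pkt.proto)

    def _alloc_port(self, proto: str) -> int:
        """Pick the next public port not already used by a dynamic or static entry."""
        while (self.next_port, proto) in self.in_table or (self.next_port, proto) in self.static:
            self.next_port += 1
        port = self.next_port
        self.next_port += 1
        return port


def demo():
    """Run the constructed scenario and return the translated packets for inspection."""
    nat = NAPT("203.0.113.10")
    # Two inside hosts choose the same ephemeral port; PAT must keep them apart.
    a = nat.outbound(Packet("10.1.1.5", 40000, "198.51.100.80", 443))
    b = nat.outbound(Packet("10.1.1.6", 40000, "198.51.100.80", 443))
    # The server's reply to host A is mapped back by public port.
    reply_to_a = nat.inbound(Packet("198.51.100.80", 443, "203.0.113.10", a.src_port))
    # An outside host probing a port with no entry is dropped.
    unsolicited = nat.inbound(Packet("198.51.100.200", 1234, "203.0.113.10", 8080))
    # A published web server behind a static entry is reachable by anyone.
    nat.add_static(80, "10.1.1.80", 80)
    published = nat.inbound(Packet("198.51.100.200", 1234, "203.0.113.10", 80))
    return a, b, reply_to_a, unsolicited, published


if __name__ == "__main__":
    for p in demo():
        print(p)
```

The inbound drop happens only because the table has no entry for that port, not because the device inspects or judges the traffic; once an entry exists, dynamic or static, the inside host is reachable, which is why NAT should be paired with filtering rather than treated as a firewall.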
NAT by itself is not a security measure, and should not be deployed as one. A common misconception is that NAT lets a company hide its internal network. That can be an added security benefit, but it should not be relied on as the only security measure. A network using private IP address space is not reachable from the Internet because the global routing tables do not carry routes for private address space. If routing between the company and the ISP is not done properly, a...