Configuring Check Point NGX VPN-1/FireWall-1

Chapter 8: Network Address Translation

Introduction

This chapter shows you how to enable or disable Network Address Translation (NAT) for a single host, for a range of addresses, or for an entire network. There are two ways to employ NAT, and this chapter demonstrates and explains both in detail. In the first method, Dynamic (Hide) mode NAT, you configure a single address or a range of addresses to hide protected addresses. In the second method, Static mode NAT, you define a single address that allows a protected host to participate in two-way communications with hosts outside of the protected network.

To understand more about the impact NAT configuration changes have on the gateway, you first need to review a few fundamental concepts. As is easily conveyed by the term itself, Network Address Translation provides a means to convert the source address, destination address, source port, or destination port within a packet. The dominant use of NAT allows internal hosts with nonroutable IP addresses to successfully navigate to the Internet. Since many firewall administrators work with networks that have a limited number of public (routable) IP addresses, their internal private networks utilize private IP address ranges as defined in RFC 1918. For these hosts to be able to access public hosts and services on the Internet, they require a process that translates their private source address into a public, routable source address. NAT provides this very service. When the packet destined for the Internet reaches the gateway, NAT...
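The difference between the two modes can be seen in a small model. The following is an added example, not code from the book or from Check Point: it is a simplified simulation of Hide and Static translation tables, and the class names, the addresses (documentation and RFC 1918 ranges) and the starting port 10000 are assumptions made for illustration.

```python
import ipaddress

# The three private ranges defined in RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True if addr is a private, nonroutable address that needs NAT."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

class HideNat:
    """Many-to-one: every internal source shares one public address and is
    told apart by a translated source port (port range is an assumption)."""
    def __init__(self, public_ip, first_port=10000):
        self.public_ip, self.next_port = public_ip, first_port
        self.out = {}    # (private ip, private port) -> public port
        self.back = {}   # public port -> (private ip, private port)

    def outbound(self, src_ip, src_port):
        key = (src_ip, src_port)
        if key not in self.out:              # first packet of a connection
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return (self.public_ip, self.out[key])

    def inbound(self, dst_ip, dst_port):
        # Only replies to an existing mapping are translated back; an
        # unsolicited packet has no entry, so no internal host is reachable.
        if dst_ip != self.public_ip:
            return None
        return self.back.get(dst_port)

class StaticNat:
    """One-to-one: a fixed private/public pair, usable in both directions."""
    def __init__(self, mapping):             # {private ip: public ip}
        self.to_public = dict(mapping)
        self.to_private = {pub: priv for priv, pub in mapping.items()}

    def outbound(self, src_ip, src_port):
        return (self.to_public[src_ip], src_port)   # port is unchanged

    def inbound(self, dst_ip, dst_port):
        priv = self.to_private.get(dst_ip)
        return (priv, dst_port) if priv else None
```

In this model an outside host can open a connection to a statically translated server at any time, while a host behind Hide NAT is reachable only on a port it has already used for an outbound connection.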
