Christmas Offer - Every Learner Must Check Out - Flat 88% OFF on All Access Pass
PyNet Labs- Network Automation Specialists

Network Address Translation (NAT)

Author : PyNet Labs
Last Modified: March 5, 2024 
Network Address Translation (NAT) Featured Image


No one anticipated the rapid growth of the Internet when IP addressing was developed. The shortage of IPv4 addresses directly affects the internet’s rapid expansion. Some addresses (Class D and E) are allocated for multicast, research, and development, reducing the total number of usable IPv4 addresses from the available 2^32, or 4.2 billion.

To solve this issue temporarily, a portion of the IPv4 address space was set aside as private. Further, IP addresses are classified into two parts, mainly public and private. Configuring a device with a public address leads you to access the internet since IANA (Internet Assigned Numbers Authority) controls and routes all public IP addresses. Unlike private addresses, public ones may be accessed through the Internet.

The process employed is known as Network Address Translation (NAT) to have seamless communication between private and public networks.

Keep in mind that NAT is only temporary until the address scarcity issue is resolved permanently. Eventually, IPv6 will replace IPv4 because of its much larger address space.

What is Network Address Translation (NAT)?

Network address translation (NAT) is a mechanism that allows several devices on a local network to share a single public IP address while maintaining their own distinct private IP addresses.

NAT translates network devices’ private IP addresses to their public IP addresses so they can communicate with each other over the internet. With NAT, data packets can be easily delivered and received by the intended devices without the need for a large number of unique public IP addresses on a single private network.

Network address translation is used in most home routers, but it also has other applications. Due to cost and security concerns, even very large private network organizations choose to have their entire internal network share a single IP address.

NAT - Network Address Translation

Note: The most typical use of it is not limited to translating private addresses to public ones. In addition to translating addresses across private networks, it can also translate addresses between public to public.

How does Network Address Translation Work?

Setting up the network router or NAT firewall is the first step in making it function. The Interface that the router has worked as a link between the local and global network.

To access the internet, the router translates the internal network address into a globally unique IP address, and vice versa when switching from an external network to an internal one.

To understand how it works, let’s take an example:

  1. At home, you join your gadget to your Wi-Fi network.
  2. A private IP address is given to your gadget by the network at home. This IP address is only valid inside your local network, as are all private IP addresses.
  3. You get online and try to load a page. A request is sent out onto the internet through your network.
  4. When you make a request from your private device, the NAT router replaces your private IP address with the public IP address of your network. A NAT table is where the translation is stored.
  5. The requesting server sends the data packet back to the external IP address of your network.
  6. In this case, your router will convert the sending computer’s public IP address back to the receiving computer’s private IP address.
NAT Topology

Addresses of Network Address Translation

There are two ways NAT addresses can be differentiated and those are Inside and Outside Addresses. Where the Inside address is referred to the private address to be translated. Whereas the outside addresses refer to as the ones used to access the internet.

Inside local address: Inside local address: This IP address helps in representing the host of the private network. By a Private Network, the internet cannot be accessed directly with this IP.

An Insides local address connected to an Inside Global Address which is further connected to the public net.

Inside global address:  By using a globally recognized public IP address, this IP address represents the whole private network. It is used while accessing the Internet services for the private network.

Outside global address: For the host, this IP address helps in representing the outside network address before the NAT translation process for the host.

Public Net which is connected to the Outside Global Address which is further connected to the Outside Local Address.

Outside local address: On the Internet, this IP address represents the actual address representing the host after the NAT translation process.

Why is Network Address Translation important?

There are two major ways in which it benefits networks. To begin, Network Address Translation provides a security layer between the public internet and the internal devices within a firewall. Second, it contributes to decreasing the need for unique IP addresses worldwide. Since IPv6 address adoption is still a way off, this is especially crucial for IPv4 addresses.

Security purposes

Network engineers widely use network address translation to shield networked devices from intrusions or cyberattacks.

The NAT mechanism is a further safeguard for devices on a private network against the rest of the internet. Data delivered to a device may be inspected and filtered by the NAT router or firewall beforehand. This is useful for keeping unauthorized individuals out of a secure device.

Please remember that complete anonymity is impossible with only a private address. Using encryption and other safety measures is a must. However, maintaining a local IP address for your devices offers an additional layer of protection.

Private IP exhaustion prevention

If several devices on a network share the same public IP address, that address may be assigned to as many users as possible, and it will be efficient.

The issue being addressed and solved is the fact that IPv4 addresses are still widely utilized. Unfortunately, IPv4 addresses are limited to just 4.3 billion, and we’re currently at IPv4 exhaustion.

There is a limited pool of IPv4 addresses, and they would be exhausted fast if every device on all private IP networks were given a public IP address. It’s more practical to utilize a single global IP address for all network traffic rather than give each device its own unique public IP address.

Essentially, you are reducing all of the traffic on a network to a single IP address. The devices on the network are then given IP addresses, and these IPs are not assigned to any device.

The range of private IP addresses is as below:

Class A – –

Class B – –

Class C – –

Range of private address space

It is time to move to understand the different types of Network Address Translation.

Network Address Translation (NAT) Types

To put it simply, there are 3 NAT types, that are:

  1. Static
  2. Dynamic
  3. Overload or Port Address Translation (PAT)

Static NAT

A static NAT assigns each public IP address to a single private IP address. Most often, web servers are given a public IP address using it because it needs one public IP address for each private IP address.

Dynamic NAT

Dynamic NAT mechanism is quite different from that of the Static one, where you have to specify a static mapping between a private and public address. Dynamic mapping is done between local and global addresses via Dynamic NAT.

An unassigned public IPv4 address is selected at random by the router. In this case, the dynamic entry remains in the NAT table for as long as traffic is sent back and forth. After a certain amount of time has elapsed, the item will be deleted, and the global IP address will be available for new translations.

Overload or Port Address Translation (PAT)

Using Port Address Translation, a single external IP address may serve as the default gateway for a network of internal private IP addresses, each of which uses a different port number.

This is the most common version of Network Address Translation in use today and is often referred to by the name “NAT Overload.” A global (public) IP address and a custom port are chosen dynamically to facilitate communication.

Each private IP address and port must be translated to a public IP address, and the port must be recorded in a separate NAT table entry in the router.

Network Address Translation Configuration

The NAT firewall configuration details depend on the type of NAT used in any organization. For example: Static NAT and PAT can have a single external IP address, whereas Dynamic NAT has several.

An organization’s local area networks (LANs) utilize private IP addresses for all NAT configurations. Only internal use will be allowed for the IPv4 ranges, 172.16. 0.0/12, and 192.168. 0.0/16. These addresses can be issued to devices on a local area network (LAN) within an organization, but they cannot be routed outside of the network of the organization.

Depending on the NAT method being utilized, an internal, private address can be translated to an external, public address. In any case, the traffic will always need to go via a firewall that handles the translation.

Using internal lookup tables, this firewall can rewrite the headers of incoming and outgoing packets, converting between IP addresses, or route traffic to a specific port on a shared address.

Advantages of NAT

  • It helps conserve the limited pool of IPv4 addresses by allowing multiple devices to share a single public IP address.
  • It also acts as a firewall by hiding the internal IP addresses of devices behind a single public IP address, thus increasing security.
  • It simplifies network configuration and management by reducing the need for globally unique IP addresses.
  • It can be employed to distribute incoming network traffic across multiple servers or devices.
  • It also eliminates the need of address renumbering when a network evolves.

Disadvantages of NAT

  • It restricts direct communication between devices behind different NAT devices, hindering certain applications.
  • It adds complexity to identifying network issues and tracking device activities, making troubleshooting challenging.
  • It introduces processing overhead, causing a slight degradation in network performance.
  • It obscures the true source IP address, making it difficult to trace IP addresses for security or forensic purposes.

If you want to grasp more in-depth insights on this topic, we recommend checking out this video – NAT

Frequently Asked Questions

Q1 – How does network address translation work?

Network Address Translation works by modifying the source or destination IP addresses and/or ports of network packets as they pass through a NAT device. It maps private IP addresses used internally to a single public IP address for communication with external networks, allowing multiple devices to share a single public IP address.

Q2 – What is an example of network address translation?

When multiple devices in a home network share a single public IP address provided by their internet service provider. The Network Address Translation device, typically a router, translates the private IP addresses of each device into a single public IP address when communicating with external networks, allowing the devices to access the internet while sharing the same external IP address.

Q3 – What are the steps in the NAT process?

In the NAT process, the steps involve translating the source IP address of packets from internal devices to a public IP address, translating the destination IP address of response packets back to the appropriate internal device, performing port address translation to enable multiple devices to share the same public IP, and maintaining a mapping table to keep track of the translations.

Q4 – What is the difference between NAT and routing?

NAT involves translating IP addresses and/or ports, allowing multiple devices to share a single public IP address. It provides address conservation and security. Routing, on the other hand, is the process of forwarding packets based on destination IP addresses to ensure efficient data transmission between networks. Network Address Translation focuses on address translation, while routing focuses on packet forwarding.


In conclusion, Network Address Translation allows numerous devices to share a single Internet Protocol (IP) address inside a network. Although each device has its own unique local IP address, these IPs have not yet been assigned to any specific devices. For an IP packet of data to be sent back to the right device, its internal IP address must be converted into a globally unique address.

A NAT gateway router or firewall may perform this translation in both directions. This may be accomplished statically by always assigning the same public IP to the same private IP or dynamically by drawing public IPs from a pool and assigning them to private IPs as needed. All of this has the potential to help networks save costs, increase security, and free up more public IP addresses.

PyNet Labs offers India’s leading CCNA course with post-training support, doubt solving session, free study material, and various other benefits; if you want to learn more about this topic or want to get acquainted with network operations and configuration settings. This online CCNA training course will give you the skills and information you need to succeed in the networking field.

Recent Blog Post

Leave a Reply

Your email address will not be published. Required fields are marked *

linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram