Using Network Address Translation in Your Network

IPv4 and IPv6 Network Address Translation (NAT) and IPv4 Network Address Port Translation (NAPT) are methods of concealing a set of host addresses on a private network behind a pool of public addresses. Together they are referred to as traditional NAT. A traditional NAT configuration is made up of a private network and a public network that are connected by a router with NAT enabled on it.

Basic NAT maps IP addresses from one group of addresses to another, transparent to the end user. A basic NAT translation is always between a single private IP address and a single public IP address.

NAPT translates many private network addresses, along with each private address's associated TCP/UDP port, into a single public network address and its associated TCP/UDP ports. Because all of the translations share a single public IP address, it is the public port associated with each private address and port that makes each translation unique.

The S-Series platform supports IPv4-to-IPv4 (NAT44) and IPv6-to-IPv6 (NAT66) basic NAT and IPv4-to-IPv4 NAPT.

In addition, the following features are also supported:

  • Static NAT using individual IPv4 or IPv6 addresses
  • Dynamic NAT using IPv4 or IPv6 NAT address pools
  • Cone NAT for all addresses and ports (fullcone), by address (restricted cone), or by port (port restricted cone)
  • NAT hairpinning
  • FTP ALG, DNS ALG, NAPT for ICMP pings, and ICMP error fixups
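The NAPT port mapping and the three cone filtering modes described above can be modeled in a few lines. This is an added example, not Extreme Networks code or S-Series configuration; the class, the mode names, the starting public port and all addresses are constructed assumptions, and the cone behavior follows the common RFC 3489 definitions.

```python
# Toy model of NAPT with cone filtering; not vendor code. All addresses are constructed.
from dataclasses import dataclass, field

@dataclass
class Napt:
    public_ip: str
    mode: str = "port-restricted"   # "full", "restricted", or "port-restricted"
    next_port: int = 40000          # assumed start of the public port range
    out: dict = field(default_factory=dict)     # (priv_ip, priv_port) -> public port
    back: dict = field(default_factory=dict)    # public port -> (priv_ip, priv_port)
    peers: dict = field(default_factory=dict)   # public port -> {(remote_ip, remote_port)}

    def outbound(self, priv_ip, priv_port, dst_ip, dst_port):
        """Translate an outbound packet; returns the public (ip, port) source."""
        key = (priv_ip, priv_port)
        if key not in self.out:                 # cone NAT: one mapping per private endpoint
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        pub_port = self.out[key]
        self.peers.setdefault(pub_port, set()).add((dst_ip, dst_port))
        return (self.public_ip, pub_port)

    def inbound(self, src_ip, src_port, pub_port):
        """Return the private (ip, port) the packet is forwarded to, or None if dropped."""
        if pub_port not in self.back:
            return None                         # no translation exists for this port
        contacted = self.peers[pub_port]
        if self.mode == "full":                 # any outside host may use the mapping
            allowed = True
        elif self.mode == "restricted":         # only remote IPs already contacted
            allowed = any(ip == src_ip for ip, _ in contacted)
        else:                                   # only the exact remote IP and port
            allowed = (src_ip, src_port) in contacted
        return self.back[pub_port] if allowed else None

def demo(mode):
    """Two private hosts reuse source port 5000; then probe the first mapping."""
    nat = Napt("203.0.113.1", mode)
    a = nat.outbound("10.0.0.5", 5000, "198.51.100.7", 443)
    b = nat.outbound("10.0.0.6", 5000, "198.51.100.7", 443)
    return {
        "distinct_public_ports": a != b,
        "same_peer": nat.inbound("198.51.100.7", 443, a[1]),
        "same_ip_other_port": nat.inbound("198.51.100.7", 8080, a[1]),
        "unknown_host": nat.inbound("192.0.2.99", 443, a[1]),
    }
```

In this model the full cone mode forwards traffic from any outside host once a mapping exists, so filtering of unsolicited inbound traffic in that mode has to come from other controls.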

Extreme Networks support for NAT provides a practical solution for organizations that wish to streamline their IP addressing schemes. NAT operates on a router connecting a private network to a public network, simplifying network design and conserving IP addresses. NAT can help organizations merge multiple networks and enhance network security by:

  • Helping to prevent malicious activity initiated by outside hosts from entering the corporate network
  • Augmenting privacy by keeping private intranet addresses hidden from view of the public internet, thereby inhibiting scans
  • Limiting the number of IP addresses used for private intranets that are required to be registered with the Internet Assigned Numbers Authority (IANA)