Thursday, October 25, 2007

NAT Troubleshooting

NAT troubleshooting: an important topic in the CCNA exam.


What is NAT?

NAT (Network Address Translation) is a technology most commonly used by firewalls and routers to allow multiple devices on a LAN with 'private' IP addresses to share a single public IP address. A private IP address is an address that can only be reached from within the LAN, not from the Internet outside the LAN. In order to let a device with a private IP address communicate with other devices on the Internet, there needs to be a translation between private and public IP addresses at the point where the LAN connects to the Internet, that is, within the firewall/router connecting the LAN to the Internet. Such a translation is commonly referred to as NAT (for Network Address Translation), and a router doing such translation is often called a NAT router or NAT firewall/router. Sometimes NAT is also called IP Masquerading. The passing of traffic through NAT is called NAT Traversal.

The way NAT works is in principle rather simple. When a device on the LAN initiates a connection with a device on the Internet, the device will send all traffic to the NAT router first. The NAT router then replaces the source address, which is the device's private address, with its own public address before passing the traffic to its destination on the Internet. When a response is received, the NAT router searches its translation tables to find the original source address of the packet from which the device on the LAN originally started the connection and thus passes the response to that device.

Unfortunately, when a connection is originated by a device on the Internet outside the LAN, it is not clear which device on the LAN the connection is meant to be established with. In this case there needs to be some rule that tells the NAT router what to do with the incoming traffic; otherwise it will simply discard the traffic and no connection will be established. If the NAT router supports what is commonly referred to as a 'software DMZ', it can handle simple rules such as "pass all incoming connection requests to the device with address 192.168.0.2". Another technique, called port forwarding, allows the NAT router to pass incoming connection requests to different devices on the LAN depending on the type of connection (i.e. a web or mail connection). However, if there are multiple devices on the LAN to which a certain type of connection from outside may need to be established, then neither a software DMZ nor port forwarding will be sufficient.


Common Problems:

1) Can Ping Host, but Cannot Telnet

2) Cannot Ping Beyond NAT

3) Can Ping One Router But Not Another

4) Outside Network Devices Cannot Communicate with Inside Routers

How To Troubleshoot

1) Based on the configuration, clearly define what NAT is supposed to achieve. At this point you may determine that there is a problem with the configuration.

2) Verify that correct translations exist in the translation table.

3) Use the show and debug commands to verify that the translation is occurring.

4) Review in detail what is happening to the packet and verify that routers have the correct routing information to move the packet along.
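To make the translation mechanism from the "What is NAT?" section and troubleshooting step 2 (verify that the expected entry exists in the translation table) concrete, here is a small simulator. It is an added example, not code from the original post or from Cisco: it models a NAT/PAT router with a dynamic translation table, a static port-forwarding table and an optional 'software DMZ' host, and its `show_translations()` output imitates the layout of the IOS `show ip nat translations` command only loosely. All addresses are constructed (RFC 5737 documentation ranges for the outside, 192.168.0.0/24 inside), and the `Packet`, `NatRouter` and `run_demo` names are this example's own.

```python
"""Toy NAT/PAT router: outbound translation, inbound reverse lookup,
static port forwards and an optional 'software DMZ' host.
Constructed example for illustration; it does not reproduce Cisco IOS in detail."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Inside = Tuple[str, int]  # (inside_ip, inside_port)


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp", "udp" or "icmp" (for icmp the port fields carry the identifier)
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatRouter:
    def __init__(self, public_ip: str, dmz_host: Optional[str] = None,
                 port_forwards: Optional[Dict[Tuple[str, int], Inside]] = None,
                 first_port: int = 1024) -> None:
        self.public_ip = public_ip
        self.dmz_host = dmz_host                          # catch-all inside host, if configured
        self.port_forwards = dict(port_forwards or {})    # (proto, public_port) -> inside host/port
        self.next_port = first_port
        self.out_table: Dict[Tuple[str, str, int], int] = {}  # (proto, in_ip, in_port) -> public port
        self.in_table: Dict[Tuple[str, int], Inside] = {}     # (proto, public_port) -> inside host/port
        self.dropped: List[Packet] = []                       # inbound packets with no matching rule

    def _allocate_port(self, proto: str) -> int:
        # Skip public ports already used by dynamic entries or reserved by static forwards.
        while ((proto, self.next_port) in self.in_table
               or (proto, self.next_port) in self.port_forwards):
            self.next_port += 1
        port = self.next_port
        self.next_port += 1
        return port

    def outbound(self, pkt: Packet) -> Packet:
        """Inside -> outside: replace the private source with the public address and a
        public port, and remember the mapping so the reply can be delivered."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        pub_port = self.out_table.get(key)
        if pub_port is None:
            pub_port = self._allocate_port(pkt.proto)
            self.out_table[key] = pub_port
            self.in_table[(pkt.proto, pub_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(pkt.proto, self.public_ip, pub_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Outside -> inside: dynamic table first, then static port forwards, then the
        DMZ host. With no matching rule the packet is discarded, as the text describes."""
        if pkt.dst_ip != self.public_ip:
            self.dropped.append(pkt)
            return None
        entry = self.in_table.get((pkt.proto, pkt.dst_port))
        if entry is None:
            entry = self.port_forwards.get((pkt.proto, pkt.dst_port))
        if entry is None and self.dmz_host is not None:
            entry = (self.dmz_host, pkt.dst_port)
        if entry is None:
            self.dropped.append(pkt)
            return None
        inside_ip, inside_port = entry
        return Packet(pkt.proto, pkt.src_ip, pkt.src_port, inside_ip, inside_port)

    def show_translations(self) -> List[str]:
        """Rows in the spirit of 'show ip nat translations': Pro  Inside local  Inside global."""
        return [f"{proto:<5}{in_ip}:{in_port:<8}{self.public_ip}:{pub_port}"
                for (proto, in_ip, in_port), pub_port in sorted(self.out_table.items())]

    def has_translation(self, proto: str, inside_ip: str, inside_port: int) -> bool:
        """Troubleshooting step 2: does the expected entry exist in the translation table?"""
        return (proto, inside_ip, inside_port) in self.out_table


def run_demo() -> dict:
    # Constructed scenario: one static forward for web traffic, no DMZ host.
    nat = NatRouter("203.0.113.1", port_forwards={("tcp", 80): ("192.168.0.10", 8080)})
    # Inside host opens a telnet session; the reply finds its way back via the table.
    telnet_out = nat.outbound(Packet("tcp", "192.168.0.2", 40000, "198.51.100.5", 23))
    telnet_reply = nat.inbound(Packet("tcp", "198.51.100.5", 23, telnet_out.src_ip, telnet_out.src_port))
    # A ping from the same host gets its own entry keyed on the ICMP identifier.
    ping_out = nat.outbound(Packet("icmp", "192.168.0.2", 7, "198.51.100.5", 0))
    # Unsolicited inbound traffic with no rule is dropped; traffic to a forwarded port is delivered.
    unsolicited = nat.inbound(Packet("tcp", "198.51.100.9", 5555, "203.0.113.1", 3389))
    forwarded = nat.inbound(Packet("tcp", "198.51.100.9", 5555, "203.0.113.1", 80))
    return {"nat": nat, "telnet_out": telnet_out, "telnet_reply": telnet_reply,
            "ping_out": ping_out, "unsolicited": unsolicited, "forwarded": forwarded}


if __name__ == "__main__":
    result = run_demo()
    for row in result["nat"].show_translations():
        print(row)
    print("dropped:", result["nat"].dropped)
```

Running the block prints the two dynamic entries (the telnet flow and the ping) and the single dropped packet. When troubleshooting a real router, the same questions apply: is the entry you expect present at all, does the inside local address match the host that is failing, and is inbound traffic being discarded because no dynamic entry, static mapping or DMZ rule covers it.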

Please visit my profile for other tutorials.


Ref:
Cisco : http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094c32.shtml

Good Ones:

CCNA Information

CCNA Tutorials