Network Address Translation (NAT)

Network address translation (NAT) translates one set of IP addresses to another set. NAT is typically used to:

• Hide the internal topology of a network - When the network's private (unregistered) addresses are translated to a set of public (registered) addresses, all traffic appears to come from this set of public addresses rather than from the network's private addresses.

• Use the public addresses assigned to a site efficiently - Many sites have a limited set of registered addresses assigned to them by their Internet service provider (ISP). With NAT you can use those addresses efficiently to support a large internal network. In this case, the addresses of the internal network are translated to the smaller set of registered addresses assigned by the ISP.

• Prevent having to renumber host addresses when changing ISPs - NAT enables you to map your old public addresses to the new set of registered addresses assigned by your new ISP.

• Use private or unregistered addresses on your internal network - The Internet Assigned Number Authority (IANA) has reserved the address ranges 10.0.0.0 through 10.255.255.255, 172.16.0.0 through 172.31.255.255, and 192.168.0.0 through 192.168.255.255 for use in private networks. NAT enables you to use these addresses in your internal network, yet still communicate with other networks by mapping those internal addresses into the registered addresses assigned to your site.

NAT modifies the address fields in the IP header of the packet as it passes through the Screen. It also modifies the checksum and sequence number fields in the packet. Certain protocols (such as ftp) also require that data within the packet containing address information be modified.