1.1 Scaling Networks with NAT and PAT  
  1.1.7 Issues with NAT  
NAT has several advantages, including:
  • NAT conserves the legally registered addressing scheme by allowing the privatization of intranets.
  • NAT increases the flexibility of connections to the public network. Multiple pools, backup pools, and load-balancing pools can be implemented to assure reliable public network connections.
  • NAT keeps the internal network addressing scheme consistent. On a network without private IP addresses and NAT, changing public IP addresses requires the renumbering of all hosts on the existing network. The costs of renumbering hosts can be significant. NAT allows the existing scheme to remain while supporting a new public addressing scheme.

NAT is not without drawbacks. Enabling address translation will cause a loss of functionality, particularly with any protocol or application that sends IP address information inside the IP payload. Supporting such protocols requires additional work by the NAT device.

NAT increases delay. Switching path delays are introduced because of the translation of each IP address within the packet headers.

Performance may be a consideration because NAT is currently accomplished by using process switching. The CPU must look at every packet to decide whether it has to translate it. The CPU must alter the IP header, and possibly alter the TCP header.

One significant disadvantage of implementing and using NAT is the loss of end-to-end IP traceability. It becomes much more difficult to trace packets that undergo numerous address changes over multiple NAT hops. Hackers who want to determine the source of a packet will find it difficult to trace or obtain the original source or destination address.

NAT also forces some applications that use IP addressing to stop functioning because it hides end-to-end IP addresses. Applications that use IP addresses instead of a fully qualified domain name will not reach destinations that are translated across the NAT router. Sometimes this problem can be avoided by implementing static NAT mappings.
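As an added illustration of two of the issues above (addresses carried inside the payload, and loss of end-to-end traceability), here is a hypothetical PAT router written for this section, not code from the curriculum or from Cisco IOS. It rewrites the FTP PORT command the way an FTP application-level gateway must, and keeps a translation log that is the only way to map an outside-visible address back to the inside host. The class names, the 10.1.1.0/24 inside network and the 203.0.113.5 public address are constructed for the example.

```python
import re
from dataclasses import dataclass

# Matches an active-mode FTP PORT command: h1,h2,h3,h4,p1,p2 (port = p1*256 + p2).
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r?\n?$")

@dataclass
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""

class PatRouter:
    """Hypothetical inside-to-outside PAT device with a minimal FTP ALG."""

    def __init__(self, public_ip: str, first_port: int = 1024):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table = {}   # (inside_ip, inside_port) -> translated public port
        self.log = []     # translation records kept so an analyst can trace later

    def _map(self, inside_ip: str, inside_port: int) -> int:
        key = (inside_ip, inside_port)
        if key not in self.table:
            self.table[key] = self.next_port
            self.next_port += 1
            self.log.append((inside_ip, inside_port, self.public_ip, self.table[key]))
        return self.table[key]

    def translate(self, pkt: Packet) -> Packet:
        """Rewrite the header; for an FTP PORT command, also rewrite the embedded address."""
        pub_port = self._map(pkt.src_ip, pkt.src_port)
        payload = pkt.payload
        m = PORT_RE.match(payload)
        if m:
            emb_ip = ".".join(m.group(i) for i in range(1, 5))
            emb_port = int(m.group(5)) * 256 + int(m.group(6))
            data_pub = self._map(emb_ip, emb_port)   # pre-create the inbound data mapping
            # The payload length may change, so a real device must also fix TCP seq/ack numbers.
            payload = f"PORT {self.public_ip.replace('.', ',')},{data_pub // 256},{data_pub % 256}\r\n"
        return Packet(self.public_ip, pub_port, pkt.dst_ip, pkt.dst_port, payload)

    def trace(self, public_port: int):
        """Map an outside-visible public port back to the inside host; needs the log."""
        for inside_ip, inside_port, _, pub in self.log:
            if pub == public_port:
                return inside_ip, inside_port
        return None
```

Without the FTP rewrite the server would try to open the data connection to the unreachable 10.1.1.10, and without the log nobody outside the NAT can attribute 203.0.113.5:1024 to a specific inside host.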

Cisco IOS NAT supports the following traffic types:

  • ICMP
  • File Transfer Protocol (FTP), including PORT and PASV commands
  • NetBIOS over TCP/IP, datagram, name, and session services
  • RealNetworks' RealAudio
  • White Pines' CUSeeMe
  • Xing Technologies' StreamWorks
  • DNS "A" and "PTR" queries
  • H.323/Microsoft NetMeeting, IOS versions 12.0(1)/12.0(1)T and later
  • VDOnet's VDOLive, IOS versions 11.3(4)/11.3(4)T and later
  • VXtreme's Web Theater, IOS versions 11.3(4)/11.3(4)T and later
  • IP Multicast, IOS version 12.0(1)T with source address translation only 

Cisco IOS NAT does not support the following traffic types:

  • Routing table updates
  • DNS zone transfers
  • BOOTP
  • talk and ntalk protocols
  • Simple Network Management Protocol (SNMP)


Web Links

Verifying NAT Operation and Basic NAT Troubleshooting
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094c32.shtml