The process of translating inside local addresses
FIGURE 3.2 The process of translating inside local addresses

The six-step process illustrated in Figure 3.2 is as follows:

1. The device at IP address 10.1.2.25 sends a packet and attempts to open a connection to 206.100.29.1.
2. When the first packet arrives at the NAT border router, the router first checks whether the NAT table contains an entry matching the source address.
3. If a match is found in the NAT table, the router continues to step 4. If a match is not found, the NAT router uses an address from its pool of available IP addresses. A simple entry is created that associates an inside IP address with an outside IP address. In this example, the NAT router associates the address 10.1.2.25 with 200.1.1.25.
4. The NAT border router then replaces the inside IP address of 10.1.2.25 with the global IP address 200.1.1.25. This makes the destination host send returning traffic back to 200.1.1.25, which is a registered IP address on the Internet.
5. When the host on the Internet with the IP address 206.100.29.1 replies to the packet, it uses the IP address assigned by the NAT router, 200.1.1.25, as the destination IP address.
6. When the NAT border router receives the reply from 206.100.29.1 with a packet destined for 200.1.1.25, the NAT router again checks its NAT table. The NAT table shows that the inside local IP address 10.1.2.25 should receive this packet, so the router replaces the inside global destination IP address in the header and forwards the packet to the inside local destination IP address.

Steps 2 through 6 are repeated for each individual packet.

The destination host could also be behind a NAT device and might actually be using the same address space as the host that initiated the traffic. The source will never know because NAT is transparent to the hosts involved.
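The table lookup in steps 2 through 6, as an added Python sketch that is not part of the original text. The class and method names and the second pool address 200.1.1.26 are assumptions. The sketch also covers two cases the steps leave out, an empty pool and a reply to a global address with no entry, and assumes the packet is dropped in both.

```python
# Added illustration of the dynamic NAT table in steps 2-6 (not from the source).
# Names, the pool contents and the drop-on-miss behaviour are assumptions.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Packet:
    src: str
    dst: str

@dataclass
class DynamicNat:
    pool: list                                    # unused inside global addresses
    out_map: dict = field(default_factory=dict)   # inside local -> inside global
    in_map: dict = field(default_factory=dict)    # inside global -> inside local

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Steps 2-4: find or create the entry, then rewrite the source."""
        glob = self.out_map.get(pkt.src)
        if glob is None:
            if not self.pool:
                return None                       # pool exhausted: drop (assumed)
            glob = self.pool.pop(0)
            self.out_map[pkt.src] = glob
            self.in_map[glob] = pkt.src
        return Packet(src=glob, dst=pkt.dst)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Step 6: rewrite the destination back to the inside local address."""
        local = self.in_map.get(pkt.dst)
        if local is None:
            return None                           # no entry: drop (assumed)
        return Packet(src=pkt.src, dst=local)

def demo():
    # Constructed pool: 200.1.1.25 is from the text, 200.1.1.26 is assumed.
    nat = DynamicNat(pool=["200.1.1.25", "200.1.1.26"])
    out = nat.outbound(Packet("10.1.2.25", "206.100.29.1"))     # steps 1-4
    reply = nat.inbound(Packet("206.100.29.1", out.src))        # steps 5-6
    stray = nat.inbound(Packet("206.100.29.1", "200.1.1.26"))   # not mapped yet
    nat.outbound(Packet("10.1.2.26", "206.100.29.1"))           # takes last address
    third = nat.outbound(Packet("10.1.2.27", "206.100.29.1"))   # pool is empty
    return out, reply, stray, third

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The entry is keyed on the address alone, so `inbound` in this sketch forwards any packet addressed to a mapped global address whatever its source; restricting who may reach the inside host is a separate filtering job.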