Cisco IOS Network Address Translation (NAT) is primarily designed for IP address conservation and network design simplification, but it also serves as a security mechanism by hiding the IP addresses and ports of hosts on a private network. NAT enables a private network that uses unregistered (private) IP addresses to connect to the Internet and allows networks with overlapping addressing schemes to communicate with each other.
Part of the Cisco IOS Integrated Threat Control framework, NAT operates on routers and switches, connecting two network segments and translating the private addresses in the internal network to the public address on the external network. It can be configured to present only one address for the entire network to the outside world.
- Enhances network security -- Provides a first layer of defense from external attackers by hiding IP addresses and application ports
- Increases network scale -- Offers scalability by conserving IP address space and making IP addresses reusable through IP address overloading
- Lowers operating costs -- Eases provisioning and troubleshooting by enforcing consistent network design across locations, even with mergers and acquisitions, by letting two or more different networks communicate with each other transparently
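
The address overloading and single outside address described above can be seen in a small model of a translation table. This is an added example, not Cisco IOS code: the `PatTable` class, its method names and all addresses are constructed for illustration, and port allocation in a real router differs.

```python
# Simplified model of NAT overload (PAT); illustrative only, not Cisco IOS code.
# All addresses below are constructed private / documentation-range values.
from itertools import count


class PatTable:
    """Maps many inside (ip, port) pairs onto one shared outside address."""

    def __init__(self, outside_ip, first_port=1024):
        self.outside_ip = outside_ip
        self._ports = count(first_port)  # next unused outside port
        self._out = {}                   # (proto, in_ip, in_port) -> out_port
        self._in = {}                    # (proto, out_port) -> (in_ip, in_port)

    def translate_outbound(self, proto, src_ip, src_port):
        """Rewrite an inside source to the shared address and a unique port."""
        key = (proto, src_ip, src_port)
        if key not in self._out:
            port = next(self._ports)
            if port > 65535:             # overloading has a finite port pool
                raise RuntimeError("outside port pool exhausted")
            self._out[key] = port
            self._in[(proto, port)] = (src_ip, src_port)
        return self.outside_ip, self._out[key]

    def translate_inbound(self, proto, dst_ip, dst_port):
        """Return the inside (ip, port) for a reply, or None if no entry exists."""
        if dst_ip != self.outside_ip:
            return None
        return self._in.get((proto, dst_port))


def demo():
    nat = PatTable("203.0.113.10")
    # Two inside hosts use the same source port; outside they differ only by port.
    a = nat.translate_outbound("tcp", "192.168.1.10", 51000)
    b = nat.translate_outbound("tcp", "192.168.1.20", 51000)
    reply = nat.translate_inbound("tcp", *a)                          # matches A's entry
    unsolicited = nat.translate_inbound("tcp", "203.0.113.10", 3389)  # no entry
    return a, b, reply, unsolicited


if __name__ == "__main__":
    labels = ("host A seen as", "host B seen as",
              "reply to A forwarded to", "unsolicited probe forwarded to")
    for label, value in zip(labels, demo()):
        print(f"{label}: {value}")
```

An inbound packet is forwarded to an inside host only when an earlier outbound flow created a matching entry, which is the sense in which the inside addresses and ports stay hidden.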