
Network Address Translation (NAT) & RFC 1918 Private IPv4 Addresses – Exclusive Introduction

All public IPv4 addresses must be registered with a Regional Internet Registry (RIR). The registered holder of a public Internet address can assign these addresses to a network device. There is a maximum of 4.3 billion IPv4 addresses available. Still, with the increase of personal computing and the beginning of the World Wide Web, it soon became clear that 4.3 billion IPv4 addresses would not be enough.

The long-term solution for the shortage was IPv6, but urgent solutions to address exhaustion were required. So, for the short term, the IETF implemented numerous solutions, including Network Address Translation (NAT), Port Address Translation, and RFC 1918 private IPv4 addresses.


Exam Topics:

  • CCNA 200-301: 3.5 (Configure and verify NAT), 1.2 (IPv4 addressing)
  • CCNP ENARSI 300-410: 3.2.b (NAT/PAT, NAT64, troubleshooting)

Quick Win: NAT is the bridge between RFC 1918 private networks and the public Internet. Learn inside/outside terminology, NAT types, and Cisco CLI configuration — all in one lab-ready guide.


RFC 1918 Private IPv4 Address Ranges

RFC 1918 defines non-routable private IP ranges reserved for internal networks. These addresses are not unique — millions of organizations use 192.168.1.0/24 — and are never advertised on the public Internet.

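| Class | Private Range (RFC 1918) | CIDR Prefix | Usable Hosts | Subnet Example |
|-------|--------------------------|-------------|--------------|----------------|
| A | 10.0.0.0 – 10.255.255.255 | 10.0.0.0/8 | 16,777,214 | 10.1.1.0/24 → 254 hosts |
| B | 172.16.0.0 – 172.31.255.255 | 172.16.0.0/12 | 1,048,574 | 172.16.10.0/23 → 510 hosts |
| C | 192.168.0.0 – 192.168.255.255 | 192.168.0.0/16 | 65,534 | 192.168.1.0/25 → 126 hosts |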

Pro Tip (CCNA): The 10.0.0.0/8 block equals one full Class A — ideal for large enterprise headquarters.

Private IP addresses are used for local communication between devices within an organization and are not routed over the Internet, because they do not identify any single company or organization. Before traffic from a private IP address can be routed to the Internet, the address must first be translated to a public address.
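Added example (not part of the original article): a Python check that matches addresses against the three RFC 1918 blocks in the table, reproduces its usable-host figures, and flags private source addresses seen on a border router's outside interface. The function names and the sample packet tuples are constructed for illustration.

```python
import ipaddress

# The three RFC 1918 blocks. ip_address().is_private is broader (it also covers
# loopback, link-local and documentation ranges such as 203.0.113.0/24), so
# match the blocks explicitly.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def rfc1918_block(addr):
    """Return the RFC 1918 block containing addr, or None if it is not private."""
    ip = ipaddress.ip_address(addr)
    return next((net for net in RFC1918 if ip in net), None)


def usable_hosts(cidr):
    """All addresses in the subnet minus the network and broadcast addresses."""
    return ipaddress.ip_network(cidr).num_addresses - 2


def border_violations(packets):
    """Flag packets on the outside interface whose source is an RFC 1918 address.

    Outbound, that means NAT did not translate the packet; inbound, the source
    is spoofed or misrouted, since private addresses are not routed publicly.
    """
    findings = []
    for direction, src, dst in packets:
        if rfc1918_block(src) is not None:
            reason = ("untranslated source" if direction == "out"
                      else "private source from outside")
            findings.append((src, dst, reason))
    return findings


# Constructed sample: (direction on the outside interface, source, destination).
SAMPLE = [
    ("out", "203.0.113.10", "8.8.8.8"),         # translated correctly
    ("out", "192.168.1.10", "8.8.8.8"),         # NAT rule missed this host
    ("in", "8.8.8.8", "203.0.113.10"),          # normal reply
    ("in", "172.31.255.255", "203.0.113.10"),   # last address in 172.16.0.0/12
    ("in", "172.32.0.1", "203.0.113.10"),       # just past the /12: not private
]

if __name__ == "__main__":
    for finding in border_violations(SAMPLE):
        print(finding)
```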

Network Address Translation (NAT) is the technique for translating private addresses to public addresses and vice versa. It allows a device configured with a private IPv4 address to access network resources outside its private or local network.

NAT is in use throughout the Internet. It is a valuable method of preserving public IPv4 addresses because a single public IPv4 address can be shared by hundreds or thousands of private IPv4 addresses. NAT is a temporary answer to the exhaustion of IPv4 address space; the permanent solution is the transition to IPv6. The figure below illustrates the NAT process.

Diagram showing how Network Address Translation (NAT) works: a PC with private IP 192.168.1.10 and source port 49152 sends traffic through a NAT router, which translates it to public IP 203.0.113.10 and forwards it to an Internet server at 8.8.8.8.
This diagram illustrates how NAT translates a private IP address and port (192.168.1.10:49152) into a public IP and port (203.0.113.10:49152), enabling communication with an Internet server (8.8.8.8:80).

What is Network Address Translation (NAT)?

The most important use of Network Address Translation (NAT) is to conserve public IPv4 addresses. NAT does this by allowing networks to use private IPv4 addresses internally and translating a private IPv4 address into a public address only when required. NAT also hides internal private IPv4 addresses from the outside public network, which provides extra privacy and security to a network.

The router configured with NAT requires one or more public IPv4 addresses, which are known as the NAT pool. When an internal device sends traffic from the private IP address out of the network, the router configured with NAT translates the internal IPv4 address of the device into a public address from the NAT pool. When receiving the reply from outside to that public IPv4 address, the NAT-enabled router translates the public IPv4 address into a private IPv4 address.

A Network Address Translation (NAT) router is typically required at the border of a stub network. We have already discussed the stub network in one of my previous articles. It is a network with only one path to its neighboring network: one way in and one way out. The figure below illustrates the stub network and NAT-enabled router.

When a device wants to communicate outside the stub network, it sends the packet to the border router, which is NAT-enabled. The NAT-enabled border router translates the private IPv4 address of the stub network into a public IPv4 address.

Network diagram showing a stub network with two laptops connected to a switch, which links to a router. The router connects to another router interfacing with the Internet cloud, where a server is also connected.
This diagram illustrates a stub network setup: two laptops connect to a switch, which routes traffic through a NAT-enabled router to the Internet cloud, enabling communication with external servers.

FAQs

What is the main purpose of Network Address Translation (NAT)?

NAT conserves public IPv4 addresses by allowing thousands of private devices to share one public IP. It translates private IPs to public when accessing the Internet and hides internal topology for security.

Why can’t private IPs be used directly on the Internet?

RFC 1918 private IPs (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) are not globally unique and are filtered by ISPs per BCP 38. NAT translates them to routable public IPs at the border router.

What is a NAT pool and when is it used?

A NAT pool is a range of public IPs configured on a router (e.g., 203.0.113.10–15). It is used in dynamic NAT to map multiple private IPs without port overloading, which is common in enterprise environments.

What is a stub network in the context of NAT?

A stub network has only one exit path to the outside world. NAT is typically deployed on the border router of a stub network to translate all outbound traffic to a public IP before reaching the ISP.

How does PAT differ from basic NAT?

Basic NAT maps one private IP to one public IP. PAT (overload) maps many private IPs to one public IP using unique port numbers, enabling thousands of simultaneous connections (e.g., home Wi-Fi).
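Added example (not part of the original article): a toy Python model of the translation table behind the outbound and return translation described earlier and the PAT overload behaviour in this answer, using the addresses from the NAT diagram. `PatRouter`, its port-selection policy and the second inside host are assumptions for illustration; the model keys entries on the remote endpoint and ignores protocol and entry timeouts.

```python
class PatRouter:
    """Toy model of a NAT router overloading one public address (PAT)."""

    def __init__(self, public_ip, first_port=1024, last_port=65535):
        self.public_ip = public_ip
        self.ports = range(first_port, last_port + 1)
        self.out = {}   # (inside_ip, inside_port, remote_ip, remote_port) -> public_port
        self.back = {}  # (public_port, remote_ip, remote_port) -> (inside_ip, inside_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet leaving the inside network; returns the new 4-tuple."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        if flow not in self.out:
            port = self._pick_port(src_port, dst_ip, dst_port)
            self.out[flow] = port
            self.back[(port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.out[flow], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet arriving from outside; None means it is dropped."""
        inside = self.back.get((dst_port, src_ip, src_port))
        if dst_ip != self.public_ip or inside is None:
            return None  # no translation entry: unsolicited traffic
        return (src_ip, src_port, inside[0], inside[1])

    def _pick_port(self, wanted, remote_ip, remote_port):
        """Keep the original source port if free, else take the next free one."""
        if (wanted, remote_ip, remote_port) not in self.back:
            return wanted
        for port in self.ports:
            if (port, remote_ip, remote_port) not in self.back:
                return port
        raise RuntimeError("PAT port range exhausted for this destination")


def demo():
    """Run the diagram's flow plus a second inside host on the same source port."""
    r = PatRouter("203.0.113.10")
    first = r.outbound("192.168.1.10", 49152, "8.8.8.8", 80)
    second = r.outbound("192.168.1.11", 49152, "8.8.8.8", 80)   # port collision
    reply = r.inbound("8.8.8.8", 80, "203.0.113.10", second[1])
    stray = r.inbound("198.51.100.7", 4444, "203.0.113.10", 49152)
    return first, second, reply, stray


if __name__ == "__main__":
    print(demo())
```

The second host collides on source port 49152, so the model rewrites its port as well as its address; the packet from an address with no translation entry is dropped.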
