DistributedNetworks DistributedNetworks

NAT Protocol  «Prev  Next»
Lesson 4Design Decisions for a functional NAT Solution
Objective Describe how to design a functional NAT Solution

Design Decisions for a functional NAT Solution

When designing a functional solution based on a NAT server, you need to take into consideration what is required and what the NAT service can provide. Think about issues relating to security, the number of network hosts, the address class of network hosts, the protocols required by network clients, and inbound and outbound access controls.
After compiling your list of requirements, you must assess the functionality of the NAT service. If it is able to meet all of your requirements, it will provide an Internet access solution for your internal network computers. If NAT service does not meet your requirements, you must assess what network functionality you can do without or decide to implement a solution other than NAT.

Design decisions for a NAT solution

One of the major criteria upon which you will base your decision to use NAT is the size of your internal network. NAT is an appropriate solution for Internet connectivity when:
  1. Internet access by internal users and access to the private network by Internet users is not restricted on a user-by-user basis. NAT is not integrated with Active Directory or local SAM security, and you cannot place access controls based on user or security group membership.
  2. The private network consists of any number of users in a nonrouted environment.
  3. The organization uses private addressing for the computers on the private network.

Designing a functional NAT solution

Your design decisions establish the essential aspects of your NAT solution and provide the foundation for your Internet-connectivity design. You make these decisions by:
  1. Determining the placement of the NAT server and the IP address, the type of persistence of the external network interface, and data rate of the NAT server's internal and external network interfaces
  2. Selecting the appropriate method of automatic IP-address assignment and DNS name resolution feature options
Question: Can you establish access controls on internal or external network users with a NAT implementation?
Answer: No. If you require authentication as part of the translated network connection plan, you should consider using a proxy server.
In the next lesson, you will learn about the processes required to integrate NAT with other services in Windows 10.