Network Address Translation (NAT) Services: Carrier Grade Network Address Translation (CGNAT)
Most hosts at Stanford University using private Internet addresses initiating connections to non-Stanford University addresses should use the CGNAT service. Stanford University private Internet addresses are translated to ephemeral public Internet addresses in order to provide connectivity between hosts across autonomous system boundaries. All systems using the CGNAT service will be translated to the same public Internet address pools. Sometimes the CGNAT service is referred to as Central NAT.
The CGNAT service is configured to automatically translate connections initiated from within the following Internet address ranges:
10.104.0.0/14 (10.104.0.0 – 10.107.255.255) 10.108.0.0/14 (10.108.0.0 – 10.111.255.255) 10.112.0.0/14 (10.112.0.0 – 10.115.255.255) 10.124.0.0/14 (10.124.0.0 – 10.127.255.255)
The CGNAT service also supports translations initiated from Stanford University allocated private Internet addresses not listed above on a per request basis.
The Firewall NAT service should be used when systems at Stanford University using private Internet addresses need to connect to external services that require specific source addresses. Systems using the Firewall NAT service will be translated to public Internet address pools that are distinct for each firewall zone.
Firewall NAT is enabled on a per request basis.