Configure NAT/PAT

3.4 IP Services

📘CCNP Encore (350-401-ENCORE-v1.1)


NAT (Network Address Translation) and PAT (Port Address Translation) are critical IP services used in networking to allow devices on a private network to communicate with external networks like the Internet. Understanding and configuring NAT/PAT is essential for the CCNP exam.


1. What is NAT?

NAT (Network Address Translation) is a process that changes the IP addresses of packets as they pass through a router or firewall.

  • Used mainly to conserve public IP addresses.
  • Allows internal private IPs (like 192.168.1.0/24) to communicate with public networks.

There are different types of NAT:

a. Static NAT

  • One-to-one mapping between private IP → public IP.
  • Example in IT: A web server inside your company has a private IP 192.168.1.10. You assign it a public IP 203.0.113.10 so users on the Internet can access it.
  • Use case: Good for servers or devices that need to be reachable from outside.

b. Dynamic NAT

  • Maps private IPs → public IPs from a pool of available public IPs.
  • One-to-one mapping, but the public IP is chosen from the pool dynamically.
  • Limitation: If there are more private IPs than public IPs, some users may not get access.

2. What is PAT? (NAT Overload)

PAT (Port Address Translation) is also called NAT overload.

  • Maps multiple private IPs → a single public IP using different port numbers.
  • Example in IT:
    • Employees at your company have private IPs like 192.168.1.10, 192.168.1.11, 192.168.1.12.
    • They all access the Internet using one public IP 203.0.113.5.
    • Router keeps track of which port corresponds to which internal IP.

Why it’s used: Most companies have more internal devices than public IP addresses, so PAT helps save IP addresses.


3. How NAT/PAT Works in Networking

The sequence for a typical outbound connection:

  • Internal device wants to access a website on the Internet.
  • Router uses NAT or PAT to translate the private IP to a public IP.
  • Router keeps a translation table to track connections.
  • When a response comes back, the router maps it back to the original private IP.

Important points:

  • NAT hides internal IPs from outside hosts, which provides some security, but it is not a substitute for a firewall or ACLs.
  • PAT allows many users to share one public IP, saving resources.
  • NAT tables are crucial for troubleshooting; view them with show ip nat translations.
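
The translation-table behaviour described above, as an added Python model (not from the original page and not Cisco's implementation). The class name, the sequential fallback ports starting at 1024, and the port-preservation rule are modelling assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class PatTable:
    """Toy PAT table: many inside hosts share one public (inside global) IP."""
    public_ip: str = "203.0.113.5"   # outside interface address used on this page
    next_port: int = 1024            # assumption: fallback ports allocated from 1024 up
    out_map: dict = field(default_factory=dict)  # (proto, ip, port) -> public port
    in_map: dict = field(default_factory=dict)   # (proto, public port) -> (ip, port)

    def outbound(self, proto, src_ip, src_port):
        """Translate an inside source; reuse the entry if the flow is already known."""
        key = (proto, src_ip, src_port)
        if key not in self.out_map:
            port = src_port                      # try to keep the original port
            while (proto, port) in self.in_map:  # taken by another host: pick another
                if self.next_port > 65535:
                    raise RuntimeError("port pool exhausted")
                port = self.next_port
                self.next_port += 1
            self.out_map[key] = port
            self.in_map[(proto, port)] = (src_ip, src_port)
        return self.public_ip, self.out_map[key]

    def inbound(self, proto, dst_port):
        """Map a reply to the inside host. None = no entry, so the packet is dropped."""
        return self.in_map.get((proto, dst_port))

def demo():
    t = PatTable()
    first = t.outbound("tcp", "192.168.1.10", 51000)
    second = t.outbound("tcp", "192.168.1.11", 51000)  # same source port, other host
    return {
        "first": first,
        "second": second,
        "reply_to_second": t.inbound("tcp", second[1]),
        "unsolicited": t.inbound("tcp", 3389),  # nothing inside opened this port
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The unsolicited lookup returning None is the "hiding" effect: without an existing entry (or a static mapping) there is nothing to translate an inbound packet to.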

4. Configuring NAT/PAT on Cisco Routers

Here’s how you would configure NAT/PAT for the exam.


Step 1: Define inside and outside interfaces

Router> enable
Router# configure terminal
Router(config)# interface GigabitEthernet0/0
Router(config-if)# ip address 192.168.1.1 255.255.255.0
Router(config-if)# ip nat inside
Router(config-if)# exit

Router(config)# interface GigabitEthernet0/1
Router(config-if)# ip address 203.0.113.5 255.255.255.0
Router(config-if)# ip nat outside
Router(config-if)# exit

  • ip nat inside = private network side
  • ip nat outside = public network side

Step 2: Configure Static NAT (example for a server)

Router(config)# ip nat inside source static 192.168.1.10 203.0.113.10

  • Maps internal server 192.168.1.10 → public IP 203.0.113.10.
  • Now the server is reachable from outside.

Step 3: Configure Dynamic NAT (example for multiple users)

Router(config)# ip nat pool MYPOOL 203.0.113.20 203.0.113.25 netmask 255.255.255.0
Router(config)# access-list 1 permit 192.168.1.0 0.0.0.255
Router(config)# ip nat inside source list 1 pool MYPOOL

  • Creates a pool of public IPs (203.0.113.20-25)
  • Maps private IPs in ACL 1 to this pool dynamically

Step 4: Configure PAT / NAT Overload

Router(config)# access-list 1 permit 192.168.1.0 0.0.0.255
Router(config)# ip nat inside source list 1 interface GigabitEthernet0/1 overload

  • Uses one public IP (Gig0/1 IP) for multiple private IPs.
  • Adds overload keyword → enables PAT.
  • Steps 3 and 4 both reference ACL 1: configure one or the other for that ACL, not both.

Step 5: Verify NAT/PAT

Router# show ip nat translations
Router# show ip nat statistics

  • Check which private IPs are mapped to which public IP/ports.
  • Useful for troubleshooting.
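
An added example (not from the original page) of reading the translation table programmatically: it parses show ip nat translations output to attribute a public IP:port seen outside to its inside host, and lists address-only entries that map a whole public IP to one host. The sample output is constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of `show ip nat translations` output (not from a real device).
SAMPLE = """\
Router# show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
tcp 203.0.113.5:1024   192.168.1.11:51000 198.51.100.7:443   198.51.100.7:443
tcp 203.0.113.5:51000  192.168.1.12:51000 198.51.100.7:443   198.51.100.7:443
udp 203.0.113.5:1025   192.168.1.13:53211 198.51.100.53:53   198.51.100.53:53
--- 203.0.113.10       192.168.1.10       ---                ---
"""

def split_endpoint(text):
    """'203.0.113.5:1024' -> (addr, 1024); '203.0.113.10' -> (addr, None)."""
    if text == "---":
        return None, None
    addr, _, port = text.partition(":")
    ipaddress.ip_address(addr)          # ValueError if this is not an IP address
    return addr, int(port) if port else None

def parse_translations(text):
    rows = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5:
            continue                    # header and blank lines
        try:
            rows.append({
                "proto": None if cols[0] == "---" else cols[0],
                "inside_global": split_endpoint(cols[1]),
                "inside_local": split_endpoint(cols[2]),
                "outside_global": split_endpoint(cols[4]),
            })
        except ValueError:
            continue                    # e.g. the echoed command line
    return rows

def inside_host_for(rows, proto, public_ip, public_port):
    """Attribute a flow seen outside (public IP:port) to the inside-local host."""
    for r in rows:
        if r["proto"] == proto and r["inside_global"] == (public_ip, public_port):
            return r["inside_local"]
    return None

def address_only_mappings(rows):
    """Entries with no protocol/port: one inside host mapped to a whole public IP."""
    return [(r["inside_global"][0], r["inside_local"][0])
            for r in rows if r["proto"] is None]
```

Compare the address-only list against the static NAT entries you intended to publish; an unexpected pair is an inside host mapped to a public address that nobody planned to expose.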

5. Key Points to Remember for the Exam

  1. ip nat inside / ip nat outside – always configure interfaces first.
  2. Static NAT = fixed one-to-one mapping (good for servers).
  3. Dynamic NAT = pool of public IPs (one-to-one dynamic mapping).
  4. PAT / NAT overload = multiple private IPs → single public IP (many-to-one).
  5. Access lists are required for dynamic NAT/PAT to define which internal IPs get translated.
  6. Troubleshooting commands:
    • show ip nat translations → current NAT/PAT mappings
    • show ip nat statistics → counts and NAT usage

Summary in simple terms:

  • NAT hides your internal network and allows communication with external networks.
  • PAT lets many internal devices share a single public IP using port numbers.
  • Cisco NAT config always involves:
    1. Identifying inside/outside interfaces
    2. Creating a static/dynamic mapping
    3. Using ACLs for dynamic or overload NAT
  • Verification commands are crucial for troubleshooting.
