NAT Types & PAT Configuration in Cisco Routers

NAT (Network Address Translation) allows private IP addresses to communicate with public networks like the Internet. PAT (Port Address Translation) is a form of NAT that uses port numbers to map multiple private IPs to a single public IP.

Types of NAT in Cisco


1. Static NAT (One-to-One)

https://media.geeksforgeeks.org/wp-content/uploads/20221015171237/1NATTopology.jpg
https://www.manageengine.com/network-configuration-manager/images/static-NAT.jpg

Configuration Example

interface g0/0
 ip address 203.0.113.2 255.255.255.252
 ip nat outside

interface g0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside

ip nat inside source static 192.168.1.10 203.0.113.10


2. Dynamic NAT (Many-to-Many)

https://www.practicalnetworking.net/wp-content/uploads/2017/10/dynamic-nat-outbound.png
https://media.geeksforgeeks.org/wp-content/uploads/20221015171237/1NATTopology.jpg

Configuration Example

access-list 1 permit 192.168.1.0 0.0.0.255

ip nat pool PUBLIC_POOL 203.0.113.10 203.0.113.20 netmask 255.255.255.0

ip nat inside source list 1 pool PUBLIC_POOL


3. PAT (NAT Overload) – Many-to-One

https://www.networkacademy.io/sites/default/files/2024-10/nat-overload-pat.png
https://cdn.networkacademy.io/sites/default/files/2024-10/nat-overload-pat-example.svg

PAT Configuration (Most Common)

Using Interface IP (Recommended)

access-list 1 permit 192.168.1.0 0.0.0.255

ip nat inside source list 1 interface g0/0 overload


Using Public IP Pool

ip nat pool PAT_POOL 203.0.113.50 203.0.113.50 netmask 255.255.255.0

ip nat inside source list 1 pool PAT_POOL overload


Inside vs Outside Interfaces (Mandatory)

interface g0/0
 ip nat outside

interface g0/1
 ip nat inside


NAT Terms (Quick Reference)

Term            | Meaning
Inside Local    | Private IP (192.168.x.x)
Inside Global   | Public IP assigned by NAT
Outside Local   | Public IP as seen inside
Outside Global  | Actual Internet IP

Verification & Troubleshooting

show ip nat translations
show ip nat statistics
clear ip nat translation *
debug ip nat


Real-World Scenario (Home / Lab)

access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 interface g0/0 overload

✔ With the inside and outside interfaces marked, this one overload rule and its ACL enable Internet for the entire LAN.


Common Mistakes

❌ Forgetting ip nat inside / outside
❌ ACL mismatch (wrong subnet)
❌ NAT applied on wrong interface
❌ Missing overload keyword for PAT
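
The four mistakes above can be checked mechanically before a config is pushed. The following Python sketch is an added example, not part of the original post: audit_nat, GOOD and BAD are hypothetical names, the sample configs are constructed from the snippets on this page, and interface names are assumed to be spelled the same way everywhere in the file.

```python
import re
from ipaddress import ip_address, ip_interface, ip_network

# Constructed sample: the page's interface-overload PAT setup in one file.
GOOD = """interface g0/0
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
interface g0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 interface g0/0 overload
"""
# Constructed broken variant: wrong ACL subnet, wrong interface, no overload.
BAD = GOOD.replace("192.168.1.0", "192.168.2.0").replace("g0/0 overload", "g0/1")

def audit_nat(config):
    """Return findings for the NAT/PAT mistakes listed above (empty list = clean)."""
    iface, roles, subnets, acls, pools, rules = None, {}, {}, {}, {}, []
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)$", line):
            iface = m[1]
        elif m := re.match(r"ip address (\S+) (\S+)$", line):
            subnets[iface] = ip_interface(f"{m[1]}/{m[2]}").network
        elif m := re.match(r"ip nat (inside|outside)$", line):
            roles[iface] = m[1]
        elif m := re.match(r"access-list (\d+) permit (\S+) (\S+)$", line):
            # ipaddress accepts a wildcard (host) mask after the slash
            acls.setdefault(m[1], []).append(ip_network(f"{m[2]}/{m[3]}", strict=False))
        elif m := re.match(r"ip nat pool (\S+) (\S+) (\S+) netmask", line):
            pools[m[1]] = int(ip_address(m[3])) - int(ip_address(m[2])) + 1
        elif m := re.match(r"ip nat inside source list (\d+) (interface|pool) (\S+)( overload)?$", line):
            rules.append((m[1], m[2], m[3], bool(m[4])))
    findings = []
    inside = [subnets[i] for i, r in roles.items() if r == "inside" and i in subnets]
    for role in ("inside", "outside"):
        if role not in roles.values():
            findings.append(f"no interface marked 'ip nat {role}'")
    for acl, kind, target, overload in rules:
        if not any(n.overlaps(s) for n in acls.get(acl, []) for s in inside):
            findings.append(f"ACL {acl} matches no inside subnet")
        if kind == "interface" and roles.get(target) != "outside":
            findings.append(f"rule translates to {target}, which is not 'ip nat outside'")
        single = kind == "interface" or pools.get(target) == 1
        if single and not overload:
            findings.append(f"list {acl}: one public address but no 'overload'")
    return findings
```

audit_nat(GOOD) returns an empty list; audit_nat(BAD) returns one finding each for the ACL mismatch, the wrong interface and the missing overload keyword.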


CCNA / CCNP Exam Tips

Posted by renjithbs