NAT or Network Address Translation is a technology that was created to solve the problem of the shortage of IPV4 public Addresses. NAT is allowing the translation of private IP addresses to Public IP addresses. Meaning one or more Public IP addresses can be used for all hosts in one Local Area Network, This way we can save a lot of public IPv4 addresses.
What is the Difference between NAT and PAT
NAT ( Network Address Translation ) is used to translate IP addresses, and PAT ( Port Address Translation) is used to translate port addresses. Today PAT is used more than NAT. Both NAT and PAT can be configured with a range or a pool of public IP addresses to make it dynamic.
1. How to Configure NAT in Cisco Router
There are 2 types of configuration static and dynamic. The central concept is to define the inside and the outside interface of a router. However, The only difference is that in the dynamic method you need to create an access list and an address pool.
Configure Static NAT
In this section, you will learn how to set up and configure static Network Adress Translation technology in a Cisco router. In this lab, we have 3 networks one public 10.0.0.0/29 and two private 192.168.1.0/24 and 192.168.2.0/24. We will configure NAT only in-network LAN1 192.168.1.0/24 to make it simple because it is the same concept in both LAN networks. In addition, we already configured routing for this network, so sure to enable routing in your lab.
NAT separates Internal and External zones, that’s why we need to define them first on the router interfaces.
First access the router R3 on the left and enter the local network (Internal LAN) Interface F0/0.
Router> en Router# config t Router(config)# hostname R3 R3(config)# int f0/0 R3(config-if)# ip nat inside
Now go back and enter the public network Interface and define it as outside.
R3(config)# int Se2/0 R3(config-if)# ip nat oustside
Now do the same to all routers, and define external and internal zones. Then enter the inside interface and add a static relationship between the public address and the private address. In this case, we have already configured all the hosts, and we want to allow mypc1 192.168.1.11 to access outside the network using the public IP address 10.0.0.3
R3(config-if)# ip nat inside source static 192.168.1.11 10.0.0.3
Now to check if it’s working, go to privilege mode and run the command below.
R3# debug ip nat
Note: To stop static nat you can use the command “no” followed by the static configuration command. and to dasble debugging to not be disturbed by messages in your console you can add no before the debug IP nat, like this:
R3(config)# no ip nat inside source static 192.168.1.11 10.0.0.3 R3# no debug ip nat
Configure Dynamic NAT
If you want to configure NAT in a dynamic way. It requires creating an access list because it works with an addressing pool.
First, you need to configure inside and outside interfaces.
Start with creating a standard access list, but before that, you need to disable the static NAT first using the previous command ” no ip nat inside source static 192.168.1.11 10.0.0.3 “.
Create a standard access list to allow traffic of network LAN1 192.168.1.0/24.
R3(config)# access-list 1 permit 192.168.1.0 0.0.0.255
Now you need to create a pool that contains a range of public addresses. Use the command ip nat pool followed by the pool name, the first public IP address, and the end public IP address.
R3(config)# ip nat pool pl1 10.0.0.3 10.0.0.10 netmask 255.255.255.248
Now we combine a command that contains both the access list and the addressing pool. the access list ID we created is 1 and the addressing pool name is pl1.
R3(config)# ip nat inside source list 1 pool pl1
Now first enable debug nat to capture if it’s working then test ping from mypc1 to the computer in lan2.
R3(config)# do debug ip nat
Now if it’s working you can close debug mode.
R3(config)# do no debug ip nat
Now to disable this dynamic IP nat you need to undo the pool and access list creation. Make sure to respect this order.
R3(config)# no access-list 1 permit 192.168.1.0 0.0.0.255 R3(config)# no ip nat pool pl1 10.0.0.3 10.0.0.10 netmask 255.255.0.0 R3(config)# no ip nat inside source list 1 pool pl1
2. How to Configure PAT in Cisco Router
PAT or Port Address Translation is an extension of Network Address Translation, it allows to extend the use of a public IP address by using System Ports. System Ports are logical ports that allow each computer to receive or send data to specific applications or services. There are 65,535 possible port numbers, some were reserved and some are free to use by the host.
PAT also can be configured statically or dynamically. The main difference in configuration is that you only add one command to the end of the previous NAT commands we’ve explained in this article, which is overload. In simple words, to configure PAT in your cisco router, simply add overload command to your nat configuration, as we did below.
Configure Static PAT
To configure static PAT, simply add overload to the static nat configuration command. you can do it like below. We already explained this command in NAT configuration so no need to duplicate it again.
R3(config-if)# ip nat inside source static 192.168.1.11 10.0.0.3 overload
Configure Dynamic PAT
- First, you need to configure inside and outside interfaces.
- You need to create an access list.
- You need to create a pool that contains a range of public addresses.
- combine the access list and the address pool then add overload after it.
R3(config)# access-list 1 permit 192.168.1.0 0.0.0.255 R3(config)# ip nat pool pl1 10.0.0.3 10.0.0.10 net mask 255.255.255.248
Now we combine a command that contains both the access list and the pool, then add “overload“. this is the main difference between PAT and dynamic NAT.
R3(config)# ip nat inside source list 1 pool pl1 overload
Finally, test if it’s working with debug command and then ping.
R3(config)# do debug ip nat
We hope this guide helps you to learn about NAT and PAT. So feel free t leave a comment or share this article with your friends.