
Scaling the Network with NAT and PAT


Private Addressing
NAT

A NAT-enabled device typically operates at the border of a stub network.

Network Address Translation

• An IP address is either local or global.
• Local IP addresses are seen in the inside network.

NAT Benefits

• Eliminates re-assigning each host a new IP address when changing to a new ISP
• Eliminates the need to re-address all hosts that require external access, saving time and money
• Conserves addresses through application port-level multiplexing
• Protects network security

NAT Terms

• Inside Local Address – An IP address assigned to a host inside a network. This address is likely to be an RFC 1918 private address.
• Inside Global Address – A legitimate IP address assigned by the NIC or service provider that represents one or more inside local IP addresses to the outside world.
• Outside Local Address – The IP address of an outside host as it is known to the hosts in the inside network.
• Outside Global Address – The IP address assigned to a host on the outside network. The owner of the host assigns this address.

NAT Types

• Static NAT
• Dynamic NAT
• NAT Overload (PAT)

Static NAT

• Static NAT is designed to allow one-to-one mapping of local and global addresses.

[Figure: an outside host on the Internet browses to http://179.9.8.10; the router rewrites the destination address (DA) 179.9.8.10 to 10.0.0.10 on the inside network.]

NAT Table
Inside Local IP Address    Inside Global IP Address
10.0.0.2                   179.9.8.80
10.0.0.10                  179.9.8.10

Dynamic NAT

• Dynamic NAT is designed to map a private IP address to a public address.

[Figure: inside hosts 10.0.0.2 and 10.0.0.10 behind the NAT router; a packet from 10.0.0.2 leaves for the Internet with its source address (SA) rewritten to 179.8.9.80.]

NAT Table
Inside Local IP Address    Inside Global IP Address
10.0.0.2                   179.8.9.80
10.0.0.10                  179.9.8.10

PAT

• PAT uses unique source port numbers on the inside global IP address to distinguish between translations.

[Figure: inside hosts 10.0.0.2 and 10.0.0.3 reach outside hosts 202.6.3.2 and 126.23.2.2 across the Internet; each source address (SA) is rewritten to a port on the inside global address 179.9.8.80.]

NAT Table
Inside Local IP Address   Inside Global IP Address   Outside Local IP Address   Outside Global IP Address
10.0.0.2:1456             179.9.8.80:1456            202.6.3.2:80               202.6.3.2:80
10.0.0.3:2333             179.9.8.80:2333            126.23.2.2:80              126.23.2.2:80
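
The PAT table above, modelled in Python as an added example that is not part of the original slides. The class and function names are hypothetical, the fallback port allocator and the third host 10.0.0.4 are assumptions, and the model keys entries on the inside global endpoint only.

```python
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, port)


class PatTable:
    """Toy model of NAT overload: many inside locals share one inside global IP."""

    def __init__(self, inside_global_ip: str, first_free_port: int = 1024):
        self.inside_global_ip = inside_global_ip
        self.next_port = first_free_port          # assumed fallback allocator
        self.out: Dict[Endpoint, Endpoint] = {}   # inside local -> inside global
        self.back: Dict[Endpoint, Endpoint] = {}  # inside global -> inside local

    def translate_outbound(self, inside_local: Endpoint) -> Endpoint:
        """Return the inside global endpoint for an outbound flow, creating it if new."""
        if inside_local in self.out:
            return self.out[inside_local]
        port = inside_local[1]                    # keep the source port when it is free
        while (self.inside_global_ip, port) in self.back:
            port = self.next_port                 # collision: pick another global port
            self.next_port += 1
        inside_global = (self.inside_global_ip, port)
        self.out[inside_local] = inside_global
        self.back[inside_global] = inside_local
        return inside_global

    def translate_inbound(self, inside_global: Endpoint) -> Optional[Endpoint]:
        """Return the inside local endpoint for a reply, or None if no entry exists."""
        return self.back.get(inside_global)


def demo() -> dict:
    pat = PatTable("179.9.8.80")
    return {
        "host2": pat.translate_outbound(("10.0.0.2", 1456)),
        "host3": pat.translate_outbound(("10.0.0.3", 2333)),
        # Constructed edge case: a third host reuses source port 1456.
        "clash": pat.translate_outbound(("10.0.0.4", 1456)),
        "reply": pat.translate_inbound(("179.9.8.80", 2333)),
        # No inside host opened this port, so there is nothing to translate to.
        "unsolicited": pat.translate_inbound(("179.9.8.80", 8080)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:12} {value}")
```

The unsolicited lookup finds no entry, so there is no inside address to deliver to; this is a side effect of translation state, not a filtering policy.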


Inside/Outside interface

[Figure: a NAT router between the inside network and the outside network; the interface facing the inside host is configured with ip nat inside and the interface facing the outside host with ip nat outside.]

Router(config-if)#ip nat inside

• An interface on the router can be defined as inside or outside
• Translations occur only from inside to outside interfaces or vice versa—never between the same type of interface

Configuring Static Translation

Router(config)#ip nat inside source static local-ip global-ip

• Establishes static translation between an inside local address and an inside global address

Router(config-if)#ip nat inside

• Marks the interface as connected to the inside

Router(config-if)#ip nat outside

• Marks the interface as connected to the outside


Enabling Static NAT Address Mapping Example

Configuring Dynamic Translation

Router(config)#ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}

• Defines a pool of global addresses to be allocated as needed

Router(config)#access-list access-list-number permit source [source-wildcard]

• Defines a standard IP access list permitting those inside local addresses that are to be translated

Router(config)#ip nat inside source list access-list-number pool name

• Establishes dynamic source translation, specifying the access list defined in the prior step

Dynamic Address Translation Example

Configuring PAT

Router(config)#access-list access-list-number permit source source-wildcard

• Defines a standard IP access list permitting those inside local addresses that are to be translated

Router(config)#ip nat inside source list access-list-number interface interface overload

• Establishes dynamic source translation, specifying the access list defined in the prior step
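
A consistency check for the dynamic NAT and PAT procedures above, written in Python as an added example that is not part of the original slides. The function name and the sample configuration are constructed for illustration; the sample's NAT rule deliberately names an access list that is never defined.

```python
import re

# Constructed sample configuration (not from the slides); the ACL number in the
# NAT rule deliberately does not match the ACL that is defined.
SAMPLE_CONFIG = """\
interface Ethernet0
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
interface Serial0
 ip address 179.9.8.80 255.255.255.0
 ip nat outside
ip nat pool PUBLIC 179.9.8.81 179.9.8.90 netmask 255.255.255.0
access-list 1 permit 10.0.0.0 0.0.0.255
ip nat inside source list 2 pool PUBLIC
"""


def check_nat_config(config: str) -> list:
    """Return a list of problems found in the NAT-related lines of a config."""
    lines = [ln.strip() for ln in config.splitlines()]
    pools = {m.group(1) for ln in lines if (m := re.match(r"ip nat pool (\S+) ", ln))}
    acls = {m.group(1) for ln in lines if (m := re.match(r"access-list (\d+) permit ", ln))}
    problems = []
    # Translation only happens between an inside and an outside interface.
    for side in ("inside", "outside"):
        if f"ip nat {side}" not in lines:
            problems.append(f"no interface marked 'ip nat {side}'")
    # Accept the pool form (dynamic NAT) and the interface overload form (PAT).
    rules = [m for ln in lines
             if (m := re.match(r"ip nat inside source list (\d+) "
                               r"(?:pool (\S+)(?: overload)?|interface (\S+) overload)$", ln))]
    if not rules:
        problems.append("no 'ip nat inside source list' rule")
    for rule in rules:
        acl, pool, _interface = rule.groups()
        if acl not in acls:
            problems.append(f"NAT rule references undefined access-list {acl}")
        if pool and pool not in pools:
            problems.append(f"NAT rule references undefined pool {pool}")
    # A 'permit any' ACL makes every source address eligible for translation.
    for ln in lines:
        if re.match(r"access-list \d+ permit any$", ln):
            problems.append(f"'{ln}' translates every source address")
    return problems


if __name__ == "__main__":
    for problem in check_nat_config(SAMPLE_CONFIG):
        print(problem)
```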

Overloading an Inside Global Address Example

Clearing the NAT Translation Table

Router#clear ip nat translation *

• Clears all dynamic address translation entries

Router#clear ip nat translation inside global-ip local-ip [outside local-ip global-ip]

• Clears a simple dynamic translation entry containing an inside translation, or both inside and outside translation

Router#clear ip nat translation outside local-ip global-ip

• Clears a simple dynamic translation entry containing an outside translation

Router#clear ip nat translation protocol inside global-ip global-port local-ip local-port [outside local-ip local-port global-ip global-port]

• Clears an extended dynamic translation entry


Displaying Information with show Commands

Router#show ip nat translations

• Displays active translations


Router#show ip nat translation
Pro Inside global      Inside local       Outside local      Outside global
--- 172.16.131.1       10.10.10.1         ---                ---

Router#show ip nat statistics

• Displays translation statistics


Router#show ip nat statistics
Total active translations: 1 (1 static, 0 dynamic; 0 extended)
Outside interfaces:
Ethernet0, Serial2.7
Inside interfaces:
Ethernet1
Hits: 5 Misses: 0

Sample Problem: Cannot Ping Remote Host
Solution: New Configuration
Troubleshooting NAT and PAT
