
--------------------NAT--------------------

NAT is a process that translates one IP address into another.
For example: translating private IPv4 addresses (local LAN) to a public IPv4 address
(private addresses are not routable over the internet).

The NAT process works from private to public and from public to private.

--------------------About the NAT process--------------------

The final device never sees the real IP address (the assigned IP address).

The router (NAT device) performs the translate and un-translate process (there must be
an entry in the NAT table).
NAT is a kind of security feature.
The IP address will not be the same before and after NAT (we can change the source or
the destination IP address).

Inside network: usually an organization's LAN.

Outside network: usually the internet, but it can be any network.

Local address (before translation): the way we see a device on the same
network (without NAT).
Global address (after translation): the way we see a device on a
different network (with NAT).

--------------------Types of NAT--------------------

----------------------Static------------------------------

One-to-one mapping from a local address to a global address.

It is a static, manual configuration.
It will always be in the NAT table.
NAT is done only for the devices that you configure manually (no other device goes
through the NAT process unless you configure it manually).

It is bidirectional from the beginning.

inside local: private source IP address, i.e. before the translation

inside global: public source IP address, i.e. after the translation

outside local: public destination IP address, i.e. before the translation

outside global: private destination IP address, i.e. after the translation

-------------------Dynamic-----------------------------

Many-to-many (one-to-one) mapping from a group of local addresses to global addresses.
It is a dynamic configuration.
It will not always be in the NAT table.
It is unidirectional at the beginning; after that, it is bidirectional.

inside local: private source IP address, i.e. before the translation

inside global: public source IP address, i.e. after the translation

outside local: public destination IP address, i.e. before the translation

outside global: private destination IP address, i.e. after the translation

----------------------PAT--------------------------------------

Many-to-one mapping from a group of local addresses to a single global address.

It can be dynamic or static (we can change the port).

The same rules apply as for static or dynamic NAT.
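
The three types side by side, as an added Python model of the NAT table (not part of the original notes and not router code). It shows which entries exist before any inside host has sent traffic, which is what decides whether an outside packet can be un-translated. The class name, ports and addresses are constructed for the example.

```python
from itertools import count
# Toy NAT table: an added illustration, not router code.
class NatRouter:
    def __init__(self, static=None, pool=(), overload=False):
        self.static = dict(static or {})  # inside local -> inside global, always present
        self.dynamic = {}                 # inside local -> inside global, created by traffic
        self.pat = {}                     # (inside local, port) -> global port
        self.free = list(pool)            # global addresses not handed out yet
        self.overload = overload          # True = PAT: every host shares pool[0]
        self.ports = count(1024)          # next global source port for PAT

    def outbound(self, ip, port):
        """Translate the source of an inside -> outside packet."""
        if ip in self.static:
            return self.static[ip], port
        if self.overload:
            if (ip, port) not in self.pat:
                self.pat[(ip, port)] = next(self.ports)
            return self.free[0], self.pat[(ip, port)]
        if ip not in self.dynamic:
            if not self.free:
                return None               # pool exhausted: no translation
            self.dynamic[ip] = self.free.pop(0)
        return self.dynamic[ip], port

    def inbound(self, ip, port):
        """Un-translate the destination of an outside -> inside packet."""
        for local, glob in {**self.static, **self.dynamic}.items():
            if glob == ip:
                return local, port
        for (local, lport), gport in self.pat.items():
            if ip == self.free[0] and gport == port:
                return local, lport
        return None                       # no table entry: nothing to un-translate to

def demo():
    # Constructed addresses: RFC 1918 inside, 203.0.113.0/24 (documentation range) outside.
    st = NatRouter(static={"10.0.0.5": "203.0.113.5"})
    dyn = NatRouter(pool=["203.0.113.10"])
    pat = NatRouter(pool=["203.0.113.1"], overload=True)
    return {  # entries are evaluated top to bottom
        "static_in_first": st.inbound("203.0.113.5", 443),
        "dynamic_in_first": dyn.inbound("203.0.113.10", 80),
        "dynamic_out": dyn.outbound("10.0.0.20", 5000),
        "dynamic_in_after": dyn.inbound("203.0.113.10", 5000),
        "pat_a": pat.outbound("10.0.0.21", 5000),
        "pat_b": pat.outbound("10.0.0.22", 5000),
        "pat_in": pat.inbound("203.0.113.1", 1025),
    }
```

The static entry answers an outside packet before any inside traffic, while the dynamic and PAT entries appear only after an inside host has sent something.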

------------------------------NAT Configuration------------------------------------

---Static-----
1. Configure NAT inside on the ingress interface (private interface): ip nat inside
(interface configuration mode)

2. Configure NAT outside on the egress interface (public interface): ip nat outside
(interface configuration mode)

3. Configure the static NAT statement: ip nat inside source static inside-local
inside-global (global configuration mode)

Arriving on the inside interface, with ip nat inside: the source is translated
Arriving on the outside interface, with ip nat inside: the destination is translated
Arriving on the outside interface, with ip nat outside: the source is translated
Arriving on the inside interface, with ip nat outside: the destination is translated

show ip nat translations: We can see all the translations on the device.
show ip nat statistics: We can see the number of the translations (packets).

---Dynamic----

1. Configure NAT inside on the ingress interface (private interface): ip nat inside
(interface configuration mode)

2. Configure NAT outside on the egress interface (public interface): ip nat outside
(interface configuration mode)

3. Configure the NAT address pool: ip nat pool name-pool first-address last-address
netmask subnet-mask (global configuration mode)

4. Configure the access list (global configuration mode)

5. Configure the dynamic NAT statement (associates the NAT pool and the ACL): ip nat
inside source list acl-number pool pool-name

----Dynamic PAT---------

1. Configure NAT inside on the ingress interface (private interface): ip nat inside

2. Configure NAT outside on the egress interface (public interface): ip nat outside

3. Configure the NAT address pool: ip nat pool name-pool first-address last-address
netmask subnet-mask (optional)

4. Configure the access list

5. Configure the dynamic PAT statement (associates the NAT pool and the ACL): ip nat
inside source list acl-number pool pool-name overload, or ip nat inside source list
<acl_name> interface <interface type> overload

---Static PAT-----

1. Configure NAT inside on the ingress interface (private interface): ip nat inside
(interface configuration mode)

2. Configure NAT outside on the egress interface (public interface): ip nat outside
(interface configuration mode)

3. Configure the static NAT statement: ip nat inside source static <tcp|udp>
inside-local inside-global (global configuration mode)

--------------NAT troubleshooting--------------------

Reversed inside and outside


Static NAT
Dynamic NAT (ACL)
PAT
ACL blocking the traffic on the interface
User traffic required
IPv4 Routing
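
Some of the items above can be read straight off a configuration. The following added Python example (not part of the original notes) scans IOS-style config text for reversed inside/outside roles and for a NAT statement that references an undefined ACL or pool. The config text, interface names and addresses are constructed, and the reversed check is a heuristic that assumes the inside interface carries an RFC 1918 address.

```python
from ipaddress import ip_address, ip_network

RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_nat_config(cfg):
    """Return findings for NAT mistakes visible in an IOS-style config text."""
    roles, addrs, acls, pools, rules, iface = {}, {}, set(), set(), [], None
    for w in (line.split() for line in cfg.splitlines() if line.strip()):
        if w[0] == "interface":
            iface = w[1]
        elif w[:2] == ["ip", "address"] and w[2][0].isdigit():
            addrs[iface] = ip_address(w[2])      # skips "ip address dhcp"
        elif w in (["ip", "nat", "inside"], ["ip", "nat", "outside"]):
            roles[iface] = w[2]
        elif w[0] == "access-list" or w[:2] == ["ip", "access-list"]:
            acls.add(w[1] if w[0] == "access-list" else w[3])
        elif w[:3] == ["ip", "nat", "pool"]:
            pools.add(w[3])
        elif w[:5] == ["ip", "nat", "inside", "source", "list"]:
            rules.append(w)
    findings = [f"no interface has ip nat {r}" for r in ("inside", "outside")
                if r not in roles.values()]
    for i, role in roles.items():
        # Heuristic: the inside interface normally carries an RFC 1918 address.
        private = any(addrs[i] in net for net in RFC1918) if i in addrs else None
        if private is not None and private != (role == "inside"):
            findings.append(f"{i}: ip nat {role} looks reversed")
    for w in rules:
        if w[5] not in acls:
            findings.append(f"ACL {w[5]} is not defined")
        if "pool" in w and w[w.index("pool") + 1] not in pools:
            findings.append(f"pool {w[w.index('pool') + 1]} is not defined")
    return findings

# Constructed sample: inside/outside swapped and the rule points at a missing ACL.
BROKEN = """\
interface GigabitEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 ip nat outside
interface GigabitEthernet0/1
 ip address 203.0.113.1 255.255.255.0
 ip nat inside
ip nat pool PUB 203.0.113.10 203.0.113.20 netmask 255.255.255.0
access-list 1 permit 10.0.0.0 0.0.0.255
ip nat inside source list 2 pool PUB
"""

if __name__ == "__main__":
    print("\n".join(check_nat_config(BROKEN)))
```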
