Professional Documents
Culture Documents
Types of NAT:
1. Static NAT
2. Dynamic NAT
3. Port Address Translation (PAT) – aka NAT Overload: 2 methods – pool and interface.
STATIC NAT
Steps Commands Explanation Details
Enter in g0/1 interface config Useful commands:
Router(config)#int g0/1
Define the inside interface(s) mode Show ip nat statistics
connected to the internal Define g0/1 interface as the Show ip nat translations
network Router(config-if)#ip nat inside inside interface connected to the Clear ip nat translations *
local network Show run | include nat
Enter in g0/0 interface config
Router(config)#int g0/0
Define the outside mode
interface(s) connected to the Define g0/0 interface as the
external network Router(config-if)#ip nat outside outside interface connected to the
external network
Map public IP address of
Router(config)#ip nat inside source static
100.0.0.1 to 192.168.0.167 private
192.168.0.167 100.0.0.1
Configure the one-to-one IP IP address
address mappings Map public IP address of
Router(config)#ip nat inside source static
100.0.0.2 to 192.168.0.168 private
192.168.0.168 100.0.0.2
IP address
Verify the NAT table Router#show ip nat translations Shows NAT table
1 of 3
DYNAMIC NAT
Steps Commands Explanation Details
Enter in g0/1 interface config Useful commands:
Router(config)#int g0/1
Define the inside interface(s) mode Show ip nat statistics
connected to the internal Define g0/1 interface as the Show ip nat translations
network Router(config-if)#ip nat inside inside interface connected to the Clear ip nat translations *
local network Show run | include nat
Enter in g0/0 interface config
Router(config)#int g0/0
Define the outside mode
interface(s) connected to the Define g0/0 interface as the
external network Router(config-if)#ip nat outside outside interface connected to the
external network
Create access list 1 – permit
Define the traffic that should Router(config)#access-list 1 permit 192.168.0.0 traffic permitted by the ACL
traffic from 192.168.0.0/24
be translated 0.0.0.255 1 will be translated
network
You can use prefix-length
Define the pool of inside Router(config)#ip nat pool POOL1 100.0.0.0 Define the pool of inside global
24 or netmask
global IP addresses 100.0.0.255 prefix-length 24 IP addresses used for translations
255.255.255.0
Apply ACL 1 to the POOL1 –
Configure dynamic NAT by Router(config)#ip nat inside source list 1 pool
traffic permitted by the ACL 1
mapping the ACL to the pool POOL1
should be translated, the other not
Verify the NAT table Router#show ip nat translations Shows NAT table
2 of 3
Steps Commands Explanation Details
Enter in g0/0 interface config
Router(config)#int g0/0
Define the outside mode
interface(s) connected to the Define g0/0 interface as the
external network Router(config-if)#ip nat outside outside interface connected to the
external network
Create access list 1 – permit
Define the traffic that should Router(config)#access-list 1 permit 192.168.0.0 traffic permitted by the ACL
traffic from 192.168.0.0/24
be translated 0.0.0.255 1 will be translated
network
Define the pool of inside Router(config)#ip nat pool POOL1 100.0.0.0 Define the pool of inside global
global IP addresses 100.0.0.3 prefix-length 24 IP addresses used for translations
Apply ACL 1 to the POOL1 –
Configure PAT by mapping Router(config)#ip nat inside source list 1 pool
traffic permitted by the ACL 1 Use overload keyword
the ACL to the pool POOL1 overload
should be translated, the other not
Verify the NAT table Router#show ip nat translations Shows NAT table
3 of 3
Steps Commands Explanation Details
Verify the NAT table Router#show ip nat translations Shows NAT table
4 of 3