Chapter 18
Configuring NAT and PAT
powered by DJ
1
Chapter Objectives
At the end of this Chapter you will be able to:
Implementing Network Addresses Translation (NAT)
Implementing Port Address Translation (PAT)
powered by DJ
2
Network Address Translation (NAT)
When Do We Use NAT?
NAT is typically used on a border router. Here’s a list of situations when
it’s best to have NAT on your side:

You need to connect to the Internet and your hosts don’t have globally
unique IP addresses.

You change to a new ISP that requires you to renumber your network.

You need to merge two intranets with duplicate addresses.
powered by DJ
3
Where to configure NAT
powered by DJ
4
Advantages and Disadvantages of Implementing NAT
powered by DJ
5
Types of Network Address
There are three types of NAT:
Translation

Static NAT
This type of NAT is designed to allow one-to-one mapping between local
and global addresses. Keep in mind that the static version requires you to
have one real Internet IP address for every host on your network.

Dynamic NAT
This version gives you the ability to map an unregistered IP address to a
registered IP address from out of a pool of registered IP addresses.
powered by DJ
6

Overloading

This is the most popular type of NAT configuration. Understand that
overloading really is a form of dynamic NAT that maps multiple
unregistered IP addresses to a single registered IP address—many-to-one—
by using different ports.it’s also known as Port Address Translation (PAT).
And by using PAT (NAT Overload), you get to have thousands of users
connect to the Internet using only one real global IP address.
powered by DJ
7
How NAT Works:

To understand How Nat works, consider the figure:
Basic NAT translation
powered by DJ
8

NAT overloading example
To understand Nat overloading, consider the following figure,
(PAT)
powered by DJ
NAT Overloading
9
Static NAT Configuration

ip nat inside source static 10.1.1.1 170.46.2.2

interface Ethernet0

ip address 10.1.1.10 255.255.255.0

ip nat inside

interface Serial0

ip address 170.46.2.1 255.255.255.0

ip nat outside
powered by DJ
10
Dynamic NAT Configuration

ip nat pool hcl 170.168.2.2 170.168.2.254

netmask 255.255.255.0

ip nat inside source list 1 pool hcl

interface Ethernet0

ip address 10.1.1.10 255.255.255.0

ip nat inside

interface Serial0

ip address 170.168.2.1 255.255.255.0

ip nat outside

access-list 1 permit 10.1.1.0 0.0.0.255
powered by DJ
11
PAT (Overloading)
ip nat pool globalnet 170.168.2.1 170.168.2.1
Configuration


netmask 255.255.255.0

ip nat inside source list 1 pool globalnet overload

interface Ethernet0/0

ip address 10.1.1.10 255.255.255.0

ip nat inside

interface Serial0/0

ip address 170.168.2.1 255.255.255.0

ip nat outside

access-list 1 permit 10.1.1.0 0.0.0.255
powered by DJ
12
Simple Verification of NAT

Router# show ip nat translation

Router#debug ip nat

To clear your NAT entries from the translation table, use the following
command:

clear ip nat translation

To clear all entries from the NAT table, use an asterisk (*) at the end of
the command.
powered by DJ
13
Configuring NAT Using SDM
There is more than one wizard. Again you get to pick between basic and
advanced:

Basic NAT Use this wizard if you have some basic PCs/hosts on your trusted
network that need access to the Internet. This wizard will guide you
through the process of creating a basic NAT configuration.

Advanced NAT If you have servers on your inside network and the users
from the outside need to access, you definitely want to opt for the
Advanced NAT configuration.
powered by DJ
14
The first screen is the Create NAT Configuration screen15
powered by DJ
Basic NAT Wizard is going to do.
Now click Next to get to a screen from which I’m able to select
all my
16
inside and outside addresses.
powered by DJ
Sharing the Internet Connection
powered by DJ
Finally, click Finish and it is done.
17
THANK YOU
powered by DJ
18