NAT (Part 2)

Day 45


Last updated 1 year ago

Dynamic NAT

In dynamic NAT, the router dynamically maps inside local addresses to inside global addresses as needed. An ACL identifies which traffic should be translated, and a NAT pool defines the inside global addresses available for use. Although they are dynamically assigned, the mappings are still one-to-one. Running out of available inside global addresses is called NAT pool exhaustion.

Configuration

To configure dynamic NAT on Cisco IOS:

  1. Define the inside and outside interfaces. From interface config mode, enter the command ip nat followed by inside on the interface facing the internal network, or outside on the interface facing the external network.

  2. Define the traffic that should be translated by configuring an ACL. Traffic permitted by the ACL is translated. E.g. access-list 1 permit 192.168.0.0 0.0.0.255.

  3. Define the pool of inside global IP addresses - ip nat pool followed by the pool name, the first and the last IP addresses in the range, and the netmask/prefix length. E.g. ip nat pool POOL1 100.0.0.0 100.0.0.255 prefix-length 24.

  4. Configure dynamic NAT by mapping the ACL to the pool - ip nat inside source list followed by the ACL number, keyword pool, and the pool name. E.g. ip nat inside source list 1 pool POOL1.

PAT

PAT (Port Address Translation), aka NAT overload, translates both the IP address and the port number if necessary. By using a unique port number for each communication flow, a single public IP address can be used by many different internal hosts. The router keeps track of which inside local address is using which inside global address and port.
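
The difference between the two translation tables, as an added example (not part of the original notes and not how IOS is implemented): a toy Python model in which the class NatTable, its method names, the two-address pool, and the choice of replacement ports from 1024 upward are all assumptions made for illustration. It shows dynamic NAT running into pool exhaustion on the third host, while PAT serves the same three hosts from a single inside global address by changing the port only when it collides.

```python
import ipaddress

class NatTable:
    """Toy model of inside-source NAT; a simplification, not the IOS implementation."""

    def __init__(self, acl_net, pool_first, pool_last, overload=False):
        self.acl = ipaddress.ip_network(acl_net)  # traffic permitted by the ACL
        first = int(ipaddress.ip_address(pool_first))
        last = int(ipaddress.ip_address(pool_last))
        self.pool = [str(ipaddress.ip_address(i)) for i in range(first, last + 1)]
        self.overload = overload
        self.one_to_one = {}  # dynamic NAT: inside local IP -> inside global IP
        self.flows = {}       # PAT: (inside local IP, port) -> (inside global IP, port)
        self.used = set()     # PAT: (inside global IP, port) pairs already taken

    def translate(self, src_ip, src_port):
        """Return the translated (ip, port), or None if no mapping can be created."""
        if ipaddress.ip_address(src_ip) not in self.acl:
            return (src_ip, src_port)  # not permitted by the ACL: not translated
        if not self.overload:
            if src_ip not in self.one_to_one:
                taken = set(self.one_to_one.values())
                free = [g for g in self.pool if g not in taken]
                if not free:
                    return None  # NAT pool exhaustion
                self.one_to_one[src_ip] = free[0]
            return (self.one_to_one[src_ip], src_port)  # port is left unchanged
        key = (src_ip, src_port)
        if key not in self.flows:
            for g in self.pool:
                # Keep the source port if it is free on g, otherwise pick another.
                candidates = [src_port, *range(1024, 65536)]
                port = next((p for p in candidates if (g, p) not in self.used), None)
                if port is not None:
                    self.flows[key] = (g, port)
                    self.used.add((g, port))
                    break
            else:
                return None  # every address/port pair in the pool is in use
        return self.flows[key]

def demo():
    # Constructed sample: three inside hosts all using source port 50000.
    hosts = [("192.168.0.10", 50000), ("192.168.0.11", 50000), ("192.168.0.12", 50000)]
    dyn = NatTable("192.168.0.0/24", "100.0.0.1", "100.0.0.2")
    pat = NatTable("192.168.0.0/24", "100.0.0.1", "100.0.0.1", overload=True)
    return [dyn.translate(*h) for h in hosts], [pat.translate(*h) for h in hosts]

if __name__ == "__main__":
    print(demo())
```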

Configuration

PAT is configured the same way as dynamic NAT, but the keyword overload is added at the end of the command that maps the ACL to the pool, e.g. ip nat inside source list 1 pool POOL1 overload.

Another way to configure PAT is to configure the router to use its own public IP address when translating the source IP of packets. First, outside and inside interfaces must be defined. Then an ACL must be created to define the traffic that should be translated. Lastly, PAT is configured by mapping the ACL to the interface and enabling overload, e.g. ip nat inside source list 1 interface g0/0 overload.
