
Chapter 9 Network Address Translation (NAT)

Network Address Translation (NAT) allows private IP addresses to communicate on the public Internet using a smaller number of public IP addresses. Static NAT maps private to public addresses in a one-to-one configuration while dynamic NAT maps them dynamically using address pools. Port Address Translation (PAT) allows overloading of multiple private addresses to a single public address using port numbers. Troubleshooting NAT involves ensuring proper inside/outside interface configuration and address mappings as well as checking for issues like misconfigured ACLs.

Uploaded by

nuhono

Chapter 9: Network Address Translation (NAT)
CISCO CERTIFIED NETWORK ASSOCIATE (CCNA) TRAINING
Agenda

NAT Introduction
NAT Concept
NAT Configuration
NAT Troubleshooting

NAT Introduction

When Do We Use NAT?

• NAT, defined in RFC 3022, allows a host that does not have a valid, registered, globally unique IP address to communicate with other hosts through the Internet.
• The original intention for NAT was to slow the depletion of available IP address space by allowing many private IP addresses to be represented by some smaller number of public IP addresses.
• NAT is also used when an organization changes its Internet service provider (ISP) and the networking manager doesn’t want the hassle of changing the internal address scheme.
• NAT is typically used on a border router.

Advantages and Disadvantages of NAT

Advantages                                           Disadvantages
Conserves legally registered addresses               Translation introduces switching path delays
Reduces address overlap occurrence                   Loss of end-to-end IP traceability
Increases flexibility when connecting to Internet    Certain applications will not function with NAT enabled
Eliminates address renumbering as network changes

NAT Concept

NAT Terminology

• Addresses used after NAT translation are called global addresses. These are usually the public addresses used on the Internet.
• Local addresses are the ones used before NAT translation.
• The inside local address is the private address of the sending host that is trying to get to the Internet.
• The outside local address is the address of the destination host.
• After translation, the inside local address is then called the inside global address, and the outside global address then becomes the name of the destination host.

NAT Terminology

Names             Meaning
Inside local      Name of inside source address before translation
Outside local     Name of destination host before translation
Inside global     Name of inside host after translation
Outside global    Name of outside destination host after translation

How NAT Works

• An IP address is either local or global.
• Local IP addresses are seen in the inside network.

Static NAT

• In static NAT, the IP addresses are statically mapped to each other.
• The NAT router simply configures a one-to-one mapping between the private address and the registered address that is used on its behalf.

Dynamic NAT

• Dynamic NAT has some similarities and differences compared to static NAT.
• The mapping of an inside local address to an inside global address happens dynamically.
• Dynamic NAT sets up a pool of possible inside global addresses and defines matching criteria to determine which inside local IP addresses should be translated with NAT.

Port Address Translation (PAT)

• Overloading with PAT allows NAT to scale to support many clients with only a few public IP addresses.

NAT Configuration

Static NAT Configuration

Static NAT Configuration Steps

1. Configure interfaces to be in the inside part of the NAT design using the ip nat inside interface subcommand.
2. Configure interfaces to be in the outside part of the NAT design using the ip nat outside interface subcommand.
3. Configure the static mappings with the ip nat inside source static inside-local inside-global global configuration command.

Static Sample Topology

Static Sample Configuration

NAT# show running-config
!
! Lines omitted for brevity
!
interface GigabitEthernet0/0
 ip address 10.1.1.3 255.255.255.0
 ip nat inside
!
interface Serial0/0/0
 ip address 200.1.1.251 255.255.255.0
 ip nat outside
!
ip nat inside source static 10.1.1.2 200.1.1.2
ip nat inside source static 10.1.1.1 200.1.1.1

Static NAT Verify Configuration

Dynamic NAT Configuration

Dynamic NAT Configuration Steps

1. Configure interfaces to be in the inside part of the NAT design using the ip nat inside interface subcommand.
2. Configure interfaces to be in the outside part of the NAT design using the ip nat outside interface subcommand.
3. Configure an ACL that matches the packets entering inside interfaces for which NAT should be performed.
4. Configure the pool of public registered IP addresses using the ip nat pool name first-address last-address netmask subnet-mask global configuration command.
5. Enable dynamic NAT by referencing the ACL (Step 3) and pool (Step 4) with the ip nat inside source list acl-number pool pool-name global configuration command.

Dynamic NAT Sample Configuration

Dynamic NAT Verify Configuration

NAT Overload (PAT) Configuration

NAT Overload (PAT) Configuration Steps

• Use the same steps for configuring dynamic NAT, as outlined in the previous section, but include the overload keyword at the end of the ip nat inside source list global command.

NAT Overload (PAT) Sample Configuration

NAT Overload (PAT) Verify Configuration

NAT Troubleshooting

NAT Troubleshooting Steps

• Ensure that the configuration includes the ip nat inside and ip nat outside interface subcommands.
• For static NAT, ensure that the ip nat inside source static command lists the inside local address first and the inside global IP address second.
• For dynamic NAT, ensure that the ACL configured to match packets sent by the inside hosts matches that host’s packets, before any NAT translation has occurred.
• For dynamic NAT without PAT, ensure that the pool has enough IP addresses.
• For PAT, it is easy to forget to add the overload option on the ip nat inside source list command.
• Perhaps NAT has been configured correctly, but an ACL exists on one of the interfaces, discarding the packets.
• Make sure that some user traffic is entering the NAT router on an inside interface, triggering NAT to do a translation.
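
Several of the checks above can be run mechanically against a saved running-config. The following Python script is an added example, not part of the original slides; the function name audit_nat, the pool name PUBLIC and the sample configuration are constructed for illustration, and the reversed-static check is a heuristic that assumes inside hosts use private (RFC 1918) addresses.

```python
import ipaddress
import re

# Constructed running-config (not from the slides) containing four NAT mistakes.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 10.1.1.3 255.255.255.0
 ip nat inside
!
interface Serial0/0/0
 ip address 200.1.1.251 255.255.255.0
!
access-list 1 permit 10.1.1.0 0.0.0.255
ip nat pool PUBLIC 200.1.1.1 200.1.1.2 netmask 255.255.255.252
ip nat inside source list 2 pool PUBLIC
ip nat inside source static 200.1.1.5 10.1.1.5
"""

def audit_nat(config):
    """Return a list of findings for the configuration checks in the troubleshooting steps."""
    findings = []
    roles = set(re.findall(r"^[ \t]+ip nat (inside|outside)[ \t]*$", config, re.M))
    for role in ("inside", "outside"):
        if role not in roles:
            findings.append(f"no interface has 'ip nat {role}'")
    acls = set(re.findall(r"^access-list (\d+) ", config, re.M))
    pools = {}  # pool name -> number of addresses in the pool
    for name, first, last in re.findall(r"^ip nat pool (\S+) (\S+) (\S+) netmask", config, re.M):
        pools[name] = int(ipaddress.ip_address(last)) - int(ipaddress.ip_address(first)) + 1
    for m in re.finditer(r"^ip nat inside source list (\S+) pool (\S+)( overload)?$", config, re.M):
        acl, pool, overload = m.groups()
        if acl not in acls:
            findings.append(f"ACL {acl} referenced by NAT is not defined")
        if pool not in pools:
            findings.append(f"pool {pool} is not defined")
        elif not overload:  # dynamic NAT without PAT: one inside host per pool address
            findings.append(f"pool {pool} has {pools[pool]} address(es) and no overload")
    for local, glob in re.findall(r"^ip nat inside source static (\S+) (\S+)$", config, re.M):
        # Heuristic: the inside local (first) address should be the private one.
        if ipaddress.ip_address(glob).is_private and not ipaddress.ip_address(local).is_private:
            findings.append(f"static mapping {local} {glob} looks reversed")
    return findings
```

Running audit_nat(SAMPLE_CONFIG) reports the missing ip nat outside, the undefined ACL 2, the two-address pool without overload, and the reversed static mapping. Interface ACLs that drop traffic and the absence of inside traffic still have to be checked on the router itself.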
