In compliance with ISO-9001 Cost Effective Quality Training Manpower Services
Scaling the Network with NAT and PAT
Objectives
•Describe the features of NAT and PAT on Cisco routers
•Translate inside source addresses by using static and dynamic translation
•Configure PAT by overloading an inside global address
•Use show and clear commands to verify that NAT and PAT are operating as expected
•Use debug commands to identify events and anomalies in the NAT and PAT configurations
NAT Features
•Eliminates the need to readdress all hosts that require external access.
•Conserves addresses through application port-level multiplexing.
•With NAT, internal hosts can share a single registered IP address for all external communications.
•Protects network security.
NAT Terminology
•Inside local address: The IP address assigned to a host on the inside network.
•Inside global address: An IP address assigned by the service provider that represents one or more inside local IP addresses to the outside world.
•Outside local address: The IP address of an outside host as it appears to the inside network.
•Outside global address: The IP address assigned to a host on the outside network by the host owner. The outside global address is allocated from a globally routable address or network space.
Network Address Translation
•An IP address is either local or global.
•Local IPv4 addresses are seen in the inside network.
•Global IPv4 addresses are seen in the outside network.
Port Address Translation
Translation Inside Source Addresses
NAT Types
•Static NAT: Maps an unregistered IP address to a registered IP address (one-to-one). Static NAT is particularly useful when a device needs to be accessible from outside the network.
•Dynamic NAT: Maps an unregistered IP address to a registered IP address from a group of registered IP addresses.
•Overloading: Maps multiple unregistered IP addresses to a single registered IP address (many-to-one) by using different ports. Overloading is also known as PAT, and is a form of dynamic NAT.
Configuring and Verifying Static Translation
Establishes static translation between an inside local address and an inside global address
Marks the interface as connected to the inside
Marks the interface as connected to the outside
Displays active translations
Enabling Static NAT Address Mapping Example
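The configuration listing for this slide did not survive extraction. The following is an added example, not taken from the original slides, of the static translation steps described above. The interface names and all addresses are constructed: 10.1.1.2 is the inside local address and 192.0.2.2 (documentation range) is the inside global address.

```cisco
! Added example; interface names and addresses are constructed.
! One-to-one mapping: inside local 10.1.1.2 <-> inside global 192.0.2.2
ip nat inside source static 10.1.1.2 192.0.2.2
!
interface GigabitEthernet0/0
 description LAN side (assumed)
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
interface Serial0/0/0
 description Provider side (assumed)
 ip address 192.0.2.1 255.255.255.0
 ip nat outside
!
! A static entry is installed permanently and works in both directions,
! so the inside host is reachable from outside at 192.0.2.2. Filter
! inbound traffic on the outside interface if only specific services
! on that host should be reachable.
end
!
! The static entry is listed even before any traffic has passed.
show ip nat translations
```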
Configuring and Verifying Dynamic Translation
Defines a pool of global addresses to be allocated as needed.
Defines a standard IP ACL permitting those inside local addresses that are to be translated.
Establishes dynamic source translation, specifying the ACL that was defined in the prior step.
Displays active translations.
Dynamic Address Translation Example
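The configuration listing for this slide did not survive extraction. The following is an added example, not taken from the original slides, of the dynamic translation steps described above. The pool name PUBLIC-POOL, the ACL number, the interface names and all addresses are constructed.

```cisco
! Added example; pool name, ACL number, interfaces and addresses
! are constructed.
!
! Step 1: pool of inside global addresses handed out on demand
! (11 addresses: 192.0.2.10 through 192.0.2.20).
ip nat pool PUBLIC-POOL 192.0.2.10 192.0.2.20 netmask 255.255.255.0
!
! Step 2: standard ACL selecting the inside local addresses that may
! be translated. Keep it as narrow as the design allows; a host the
! ACL does not permit is forwarded untranslated.
access-list 1 permit 10.1.1.0 0.0.0.255
!
! Step 3: bind the ACL to the pool.
ip nat inside source list 1 pool PUBLIC-POOL
!
interface GigabitEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
interface Serial0/0/0
 ip address 192.0.2.1 255.255.255.0
 ip nat outside
end
!
! Without overload each active inside host holds one pool address,
! so a 12th simultaneous host gets no translation until an existing
! entry times out or is cleared.
show ip nat translations
show ip nat statistics
```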
Overloading an Inside Global Address
Configuring Overloading
Defines a standard IP ACL that will permit the inside local addresses that are to be translated
Establishes dynamic source translation, specifying the ACL that was defined in the prior step
Displays active translations
Overloading an Inside Global Address Example
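The configuration listing for this slide did not survive extraction. The following is an added example, not taken from the original slides, of PAT configured with the overload keyword. It assumes the address of the outside interface is used as the single inside global address; the ACL number, interface names and addresses are constructed.

```cisco
! Added example; ACL number, interfaces and addresses are constructed.
!
! Step 1: standard ACL selecting the inside local addresses to translate.
access-list 1 permit 10.1.1.0 0.0.0.255
!
! Step 2: translate every permitted source to the address of the
! outside interface. "overload" enables port-level multiplexing, so
! many inside hosts share the one inside global address 192.0.2.1.
ip nat inside source list 1 interface Serial0/0/0 overload
!
interface GigabitEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
interface Serial0/0/0
 ip address 192.0.2.1 255.255.255.0
 ip nat outside
end
!
! Each PAT entry is an extended entry that records protocol, address
! and port on both sides. Return traffic is accepted only if it
! matches an existing entry; unsolicited inbound packets have no
! entry to match and are not translated to an inside host.
show ip nat translations
```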
Clearing the NAT Translation Table
Clears all dynamic address translation entries
Clears a simple dynamic translation entry that contains an inside translation or both an inside and outside translation
Clears a simple dynamic translation entry that contains an outside translation
Clears an extended dynamic translation entry (PAT entry)
Translation Not Occurring: Translation Not Installed in the Table
•Verify that:
–There are no inbound ACLs denying the packets entry to the NAT router.
–The ACL referenced by the NAT command is permitting all necessary networks.
–There are enough addresses in the NAT pool.
–The router interfaces are appropriately defined as NAT inside or NAT outside.
Displaying Information with show and debug Commands
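The command listings for the clearing and troubleshooting slides did not survive extraction. The following is an added example, not taken from the original slides, that runs the "translation not installed" checks in order and then shows the four clear forms described earlier. The ACL number, interface name, addresses and ports are constructed.

```cisco
! Added example, privileged EXEC mode; ACL number, interface name,
! addresses and ports are constructed.
!
! Check 1: is an inbound ACL on the inside interface dropping the
! packets before NAT sees them?
show ip interface GigabitEthernet0/0
!
! Check 2: is the ACL referenced by the NAT command matching the
! inside networks? Match counters that stay at zero mean it is not.
show access-lists 1
!
! Checks 3 and 4: pool usage, and which interfaces are marked
! inside and outside. The hits counter shows whether entries
! are actually being used.
show ip nat statistics
!
! Was an entry installed?
show ip nat translations
show ip nat translations verbose
!
! Watch translations as they happen. Debug output is CPU-intensive
! on a busy router, so turn it off as soon as the event is captured.
debug ip nat
undebug all
!
! Clear all dynamic entries.
clear ip nat translation *
! Clear one simple inside entry: global address, then local address.
clear ip nat translation inside 192.0.2.10 10.1.1.10
! Clear one simple outside entry: local address, then global address.
clear ip nat translation outside 10.9.9.7 203.0.113.7
! Clear one extended (PAT) entry:
! protocol, global address and port, local address and port.
clear ip nat translation tcp inside 192.0.2.1 1024 10.1.1.10 51000
```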
Summary
•There are three types of NAT: static, dynamic and overloading (PAT).
•Static NAT is one-to-one address mapping. Dynamic NAT addresses are picked from a pool.
•NAT overloading (PAT) allows you to map many inside addresses to one outside address.
•Use the show ip nat translation command to display the translation table and verify that translation has occurred.
•To determine if a current translation entry is being used, use the show ip nat statistics command to check the hits counter.