
Mastering NAT: Static, Dynamic, PAT, and NAT Server Explained

This guide explains NAT fundamentals, covering static and dynamic NAT, PAT/NAPT, EasyIP, and NAT Server configurations, highlighting their advantages, limitations, and practical command-line examples for implementing address translation in network environments.

Raymond Ops

NAT Functions

Network Address Translation (NAT) converts internal private IP addresses to public IP addresses when packets travel from the internal network to the Internet, and reverses the conversion for inbound traffic, enabling address sharing, security, and efficient use of public IP space.

Advantages: saves public IP addresses, resolves address overlap, and enhances flexibility and security.

Disadvantages: increases latency, adds configuration complexity, and may not support certain applications such as VPN.

Static NAT

Static NAT provides a one-to-one mapping between a private IP address and a public IP address. Each private address requires a dedicated public address, offering no IP savings but allowing internal hosts to be hidden.

Configuration example:

nat static global 12.0.0.1 inside 192.168.10.10

Enable NAT on the external interface:

int g0/0/1  # external interface
nat static enable

Alternatively, declare NAT directly on the interface:

int g0/0/1
nat static global 12.0.0.1 inside 192.168.10.10

View static NAT configuration:

dis nat static

Dynamic NAT

Dynamic NAT maps multiple private IP addresses to multiple public IP addresses using an address pool, establishing a one-to-one relationship.

Configuration steps:

Assign IP addresses to external and internal interfaces.

Create an address pool:

nat address-group 1 212.0.0.100 212.0.0.200

Define an access control list (ACL):

acl 2000
rule permit source 192.168.20.0 0.0.0.255
rule permit source 11.0.0.0 0.0.0.255

Apply dynamic NAT on the external interface:

int g0/0/1
nat outbound 2000 address-group 1 no-pat

‘no-pat’ disables port translation, performing only IP address translation. View outbound NAT information with dis nat outbound.

PAT (Port Address Translation)

PAT, also known as NAPT, allows many private hosts to share a single public IP address by translating source IPs to the same public IP while assigning unique source ports.

PAT Functions

Changes packet IP address and port number.

Significantly conserves public IP addresses.

PAT Types

Dynamic PAT: includes NAPT and EasyIP.

Static PAT: includes NAT Server.

NAPT (Multiple Private Addresses to One Fixed Public IP)

Configuration is similar to dynamic NAT but uses a fixed public IP address.

Example:

nat address-group 1 200.1.1.10 200.1.1.10

Define ACL and apply NAT:

acl 2000
rule permit source 192.168.30.0 0.0.0.255
int g0/0/1
nat outbound 2000 address-group 1

EasyIP (Multiple Private Addresses to External Interface Public IP)

Configuration steps mirror NAPT, using the external interface’s public IP.

Define ACL:

acl 3000
rule permit ip source 192.168.30.0 0.0.0.255

NAT Server (Client Access to Private Server or Server Access to Client)

Example configuration to map a public address to a private server:

int g0/0/1
nat server protocol tcp global 9.9.9.9 www inside 192.168.10.100 www

Map current interface to internal services:

nat server protocol tcp global current-interface 8080 inside 10.1.1.1 www
nat server protocol tcp global current-interface 2121 inside 10.1.1.2 ftp
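
The static NAT and NAT Server rules shown in this article are the ones that make inside hosts reachable from outside, so they are worth inventorying when reviewing a router configuration. The following Python sketch is an added example, not part of the original article: it parses the article's command syntax from a constructed sample config and lists each inbound mapping. The function names and the `www`/`ftp` keyword table are assumptions covering only the keywords used on this page.

```python
import re

# Service keywords used in this article's nat server lines.
SERVICE_PORTS = {"www": 80, "ftp": 21}

# Constructed sample: the article's NAT lines gathered into one config.
SAMPLE_CONFIG = """\
int g0/0/1
 nat static global 12.0.0.1 inside 192.168.10.10
 nat server protocol tcp global 9.9.9.9 www inside 192.168.10.100 www
 nat server protocol tcp global current-interface 8080 inside 10.1.1.1 www
 nat server protocol tcp global current-interface 2121 inside 10.1.1.2 ftp
 nat outbound 2000 address-group 1
"""

STATIC = re.compile(r"nat static global (\S+) inside (\S+)")
SERVER = re.compile(
    r"nat server protocol (\S+) global (\S+) (\S+) inside (\S+) (\S+)")


def to_port(token):
    """Resolve a service keyword (www, ftp) or a numeric port."""
    return SERVICE_PORTS.get(token) or int(token)


def inbound_exposures(config):
    """List every rule that lets an outside host reach an inside host."""
    found = []
    for line in map(str.strip, config.splitlines()):
        if m := STATIC.fullmatch(line):
            # One-to-one address mapping: the rule carries no port restriction.
            found.append({"rule": "static", "proto": "any", "global": m[1],
                          "gport": None, "inside": m[2], "iport": None,
                          "note": "all ports mapped"})
        elif m := SERVER.fullmatch(line):
            gport, iport = to_port(m[3]), to_port(m[5])
            note = "port remapped" if gport != iport else "same port"
            found.append({"rule": "server", "proto": m[1], "global": m[2],
                          "gport": gport, "inside": m[4], "iport": iport,
                          "note": note})
    return found


if __name__ == "__main__":
    for finding in inbound_exposures(SAMPLE_CONFIG):
        print(finding)
```

The `nat outbound` line is skipped on purpose: it configures translation for traffic leaving the inside network and defines no fixed inbound mapping to report.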

Summary

NAT translates internal addresses and ports to valid public addresses for communication with external hosts.

Static NAT provides one-to-one private-to-public address mapping.

PAT enables many private hosts to share a single public IP by using distinct ports.

NAT Server allows clients to reach private servers or servers to initiate connections to clients.
