NAT

Configuring PAT on a cisco device.

todo: explain differences and why what

Static NAT

todo

Dynamic NAT

todo

PAT

One public IP for many private IPs. (Overloading)
Differentiates multiple sessions using unique port numbers.

Handling Traffic

Outgoing Traffic:
- Replaces inside local IP and port with inside global IP and unique port.
Incoming Responses:
- Translates inside global IP and port back to the original inside local IP and port.
Session Mapping:
- Creates a translation entry for each new session.
- Utilizes NAT table for bidirectional flow handling.

Inspecting PAT Translation logs on NAT Router

show ip nat translations

! Example output from multiple hosts
Pro  Inside global            Inside local       Outside local      Outside global
icmp 11.174.231.225:1         10.40.0.2:1        11.174.231.226:1   11.174.231.226:1
icmp 11.174.231.225:5         10.40.0.1:5        11.174.231.226:5   11.174.231.226:5
icmp 11.174.231.225:8         10.40.0.1:8        11.174.231.226:8   11.174.231.226:8

Configuratiaon

! Define outside interface (facing to the internet)
interface GigabitEthernet0/1
  ip nat outside

! Define inside interfaces (origin of traffic)
! Can also be a VLAN Interface
interface GigabitEthernet0/0.10
  encapsulation dot1Q 10
  ip address 192.168.10.1 255.255.255.0
  ip nat inside
  no shutdown

interface GigabitEthernet0/0.20
  encapsulation dot1Q 20
  ip address 192.168.20.1 255.255.255.0
  ip nat inside
  no shutdown

! The ACL defines, which source addresses get translated
ip access-list extended nat-inside-in
  permit ip 192.168.10.0 0.0.0.255 any
  permit ip 192.168.20.0 0.0.0.255 any

! The overload keyword enables PAT
ip nat inside source list nat-inside-in interface GigabitEthernet0/1 overload

NAT

Static NAT​

Dynamic NAT​

PAT​

Handling Traffic​

Inspecting PAT Translation logs on NAT Router​

Configuratiaon​

Static NAT

Dynamic NAT

PAT

Handling Traffic

Inspecting PAT Translation logs on NAT Router

Configuratiaon