Network Address Translation (NAT) / Port Address Translation (PAT) Configuration (Cisco device):
Two types of NAT:
Static NAT: maps IP addresses one-to-one (public IP to private IP).
Step 1: (Configure)
Router>enable
Router#configure terminal
Router(config)#ip nat inside source static 192.168.110.2 209.165.100.7 (For All Services)
OR
Router(config)#ip nat inside source static tcp 192.168.110.2 8011 222.238.21.16 8011 extendable (Port-based static NAT)
Step 2: (Apply)
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip nat inside >> Private-side network of the router
Router(config)#interface serial 0/0/0
Router(config-if)#ip nat outside >> Public-side network of the router
Dynamic NAT/PAT: maps IP addresses one-to-many or many-to-many (public IP to private IP).
Step 1: (Create NAT pool)
Router>enable
Router#configure terminal
Router(config)#ip nat pool nat_test 209.165.100.4 209.165.100.6 netmask 255.255.255.252
>> Creates the nat_test pool of public IPs from 209.165.100.4 to 209.165.100.6 (3 public IPs) leased from the ISP (configure according to your requirements).
Step 2: (Create an ACL for the networks or IP addresses that should have Internet access)
Router>enable
Router#configure terminal
Router(config)#access-list 10 permit 10.0.0.0 0.255.255.255
Router(config)#access-list 10 permit 172.16.0.0 0.0.255.255
Router(config)#access-list 10 permit 192.168.0.0 0.0.0.255
>> Create the ACL (standard or extended) according to your requirements
Step 3: (Match NAT pool and ACL)
Router>enable
Router#configure terminal
Router(config)#ip nat inside source list 10 pool nat_test >> without PAT
Router(config)#ip nat inside source list 10 pool nat_test overload >> enable PAT
OR
Router(config)#ip nat inside source list 10 interface GigabitEthernet0/0 overload >> NAT over the interface
Step 4: (Apply)
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip nat inside >> Private-side network of the router
Router(config)#interface serial 0/0/0
Router(config-if)#ip nat outside >> Public-side network of the router
Apply NAT or PAT depending on your network policy.
(Optional) Internet Service Provider (ISP) side configuration: your ISP configures a static route for the NAT/PAT translated addresses.
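An added example, not part of the original configuration: a Python audit of the NAT lines above as they would appear in a running-config. It lists which inside hosts static NAT exposes (all ports or one port), converts the ACL 10 wildcards to CIDR to show which sources are translated, and reports pool addresses that coincide with the network or broadcast address of the pool's netmask. The function names are hypothetical and the sample config is constructed from the commands on this page.

```python
import ipaddress

# Constructed sample: the NAT lines from this page as they would appear in a
# running-config (prompts and annotations removed).
SAMPLE_CONFIG = """\
ip nat inside source static 192.168.110.2 209.165.100.7
ip nat inside source static tcp 192.168.110.2 8011 222.238.21.16 8011 extendable
ip nat pool nat_test 209.165.100.4 209.165.100.6 netmask 255.255.255.252
access-list 10 permit 10.0.0.0 0.255.255.255
access-list 10 permit 172.16.0.0 0.0.255.255
access-list 10 permit 192.168.0.0 0.0.0.255
ip nat inside source list 10 pool nat_test overload
"""

def static_exposures(config):
    """(inside_ip, public_ip, proto, port) per static NAT line; port None = all ports."""
    found = []
    for tok in map(str.split, config.splitlines()):
        if tok[:5] == ["ip", "nat", "inside", "source", "static"]:
            a = tok[5:]
            # with a protocol keyword only that port is forwarded; without it, every port
            found.append((a[1], a[3], a[0], int(a[4])) if a[0] in ("tcp", "udp")
                         else (a[0], a[1], "any", None))
    return found

def translated_networks(config, acl="10"):
    """Networks permitted by a standard ACL, converted from wildcard to CIDR."""
    nets = []
    for tok in map(str.split, config.splitlines()):
        if tok[:3] == ["access-list", acl, "permit"] and len(tok) == 5:
            # ipaddress accepts a Cisco-style wildcard (host mask) after the slash
            nets.append(ipaddress.ip_network(f"{tok[3]}/{tok[4]}"))
    return nets

def pool_edge_addresses(config):
    """Pool addresses that are the network/broadcast address under the pool's netmask."""
    edges = {}
    for tok in map(str.split, config.splitlines()):
        if tok[:3] == ["ip", "nat", "pool"] and tok[6:7] == ["netmask"]:
            first, last = (ipaddress.ip_address(x) for x in tok[4:6])
            net = ipaddress.ip_network(f"{first}/{tok[7]}", strict=False)
            edges[tok[3]] = [str(a) for a in (net.network_address, net.broadcast_address)
                             if first <= a <= last]
    return edges

if __name__ == "__main__":
    for inside, public, proto, port in static_exposures(SAMPLE_CONFIG):
        print(f"{public} -> {inside}: {proto}/{port if port else 'ALL PORTS'}")
    print("PAT source networks:", [str(n) for n in translated_networks(SAMPLE_CONFIG)])
    print("Pool edge addresses:", pool_edge_addresses(SAMPLE_CONFIG))
```

On the sample, the one-to-one mapping makes every port of 192.168.110.2 reachable through 209.165.100.7, while the port-based entry forwards only tcp/8011. The entry `192.168.0.0 0.0.0.255` covers only 192.168.0.0/24.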
Router>enable
Router#configure terminal
Router(config)#ip route 209.165.100.4 255.255.255.252 serial 0/0/1
>> Here serial 0/0/1 is the exit interface
Show Command:
Router#show ip nat translations >> Translation entries of NAT/PAT
Remove Static NAT Configuration:
Router#clear ip nat translation * >> to clear NAT translations
Router(config)#no ip nat inside source static 192.168.100.10 interface g0/0 >> to remove static NAT
Another important point: you must configure a default route on each router toward the ISP. Example:
Router>enable
Router#configure terminal
Router(config)#ip route 0.0.0.0 0.0.0.0 serial 0/0/1 or 224.100.100.25
>> The last argument is either the exit interface or the next-hop IP address