October 5, 2017

How to configure NAT, PAT and static port forwarding on a Cisco router

Updated by subhakaran Nitijanandhan
Network address translation (NAT) is the concept of translating a private IPv4 address into a public IPv4 address that is routable on the internet. You may wonder why we need NAT. In the early days, scientists thought that IPv4 would be enough for the whole internet, but now there are so many hosts on the internet that there are not enough IP addresses.

Later they came up with the concept of private IP addresses, which are free to use without any restrictions but are not routable on the internet. With the introduction of NAT, this problem was solved, and NAT also provides better security to the internal hosts because their private IP addresses are hidden behind the public IP address.

There are 4 options available to configure NAT and PAT:

  1.  one to one dynamic NAT.
  2.  one to one static NAT.
  3.  one to many dynamic PAT.
  4.  one to one static port forwarding.

Before heading to the configuration, we have to discuss some Cisco-defined terminology. From site A's view:

Inside local: the private network side, that is, all the internal networks within an organization.
Inside global: the public network side, which is connected to the internet.

How to configure one to one dynamic NAT

First, we create a standard access list that permits the 192.168.1.0/24 network, so that we can use this access list to match all the hosts in that network.

ip access-list standard private
permit 192.168.1.0 0.0.0.255
exit

Next, we have to tell the router which interface is inside and which is outside. The inside interface is connected to the internal private network and the outside interface is connected to the internet. This configuration is the same for all 4 options.

interface gi0/0
ip nat inside
exit
interface se0/3/0
ip nat outside
exit

Next, create a pool of public addresses. Each public IP address in the pool is dynamically mapped to the private IP address of a host.

ip nat pool public 30.30.30.3 30.30.30.5 netmask 255.255.255.0

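Finally, the main command. Here the source is the access list, and the pool contains the public IP addresses. The pool name must match the name used in the ip nat pool command exactly, including case.

ip nat inside source list private pool public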

How to configure one to one static NAT

ip nat inside source static 192.168.1.2 30.30.30.3
ip nat inside source static 192.168.1.3 30.30.30.4

Here we have mapped each host's private IP address to its own public IP address.

How to configure PAT (port address translation)

ip nat inside source list private interface se0/3/0 overload

Here the interface keyword points to the public IP address of the outside interface, and the overload keyword lets multiple internal hosts share that single IP address. That IP address is 30.30.30.1 in this scenario.

How to configure static port forwarding

ip nat inside source static tcp 192.168.1.2 80 30.30.30.3 80 extendable

This is quite similar to static NAT, but here you have to specify the local port and the global port. The extendable keyword is used to map multiple ports against that single IP address again and again.