These blocks of addresses can be used by multiple organizations for their private networks but they are not routable on the Internet. For hosts with these addresses that need to access the Internet, a device must be deployed at the edge of the network that performs address translation to unique public addresses.

Network Address Translation (NAT) is used to translate Private IP addresses from the reserved private address space defined in RFC 1918 to Public IPv4 addresses which are routable on the Internet. NAT is usually implemented on a router that sits at the edge connecting a private network on one side and the public network (Internet) on the other side. There are various types of NAT but in this lesson, we will focus on the following three types of NAT.

Static NAT is used to translate a private IP address to a Public IP address on a one-to-one basis. Static NAT creates a fixed translation of a private IP address or a subnet to a Public IP address or subnet. The translation is persistent and the Public IP address is the same for each consecutive connection.

Dynamic NAT is used to translate a group of private IP addresses to a pool of Public IP addresses. Dynamic NAT also establishes a one-to-one mapping between private and public IP addresses but the translation will be temporary and after the connectivity is not required the translation will be removed and the public IP address will be returned to the pool and which can then be used to translate any other private host.

Port Address Translation is used to translate multiple private IP addresses to a single public IP address. To keep each translation unique a private IP address and source port is translated to Public IP address and mapped port.

Table below list various NAT terminologies

NAT Terminologies

Network Address Translation (NAT)



Mapping an IP address to another IP address either statically or dynamically


Port Address Translation (PAT)



Mapping multiple IP address to a single IP address. To differentiate between connections source port is also changed. Also known as NAT overload



Inside Local



IP address assigned to the host on the private network


Inside Global



The IP address of a private host as it appears to the public network.



Outside Local



IP address of a public host as it appears to the private network



Outside Global



IP address assigned to a host on the public network by the host owner


Nat Configuration

We will use the network in the figure below to demonstrate the configuration of Static, Dynamic NAT, and PAT.


We will configure the Cisco Router to perform Static NAT on the IP address owned by Web Server and Dynamic NAT to translate the IP addresses of three hosts to dynamically to a pool of addresses.

Router(config)interface fastethernet 0/0

Router(config-if)ip address

Router(config-if)ip nat inside


Router(config)interface fastethernet 0/1

Router(config-if)ip address

Router(config-if)ip nat outside


Router(config)ip nat inside source static

— The command above configures static NAT for private IP address to public IP address —

Router(config)access-list 101 permit ip any

Router(config)access-list 101 permit ip any

Router(config)access-list 101 permit ip any

Router(config)ip nat pool DYN_NAT_POOL prefix-length 24

Router(config)ip nat inside source list 101 pool DYN_NAT_POOL


— The commands above configure Dynamic NAT for a group three hosts which are assigned public IP addresses from a pool of three public IP addesses —

We can also configure Port Address Translation for the three hosts such that all three of them will be overloaded to a single IP address. To configure PAT use the following command

Router(config)ip nat inside source list 101 interface fastethernet 0/1 overload


Today we covered Network Address Translation and configuration, NAT is a very important lesson and students must have thorough conceptual and practical knowledge of NAT as almost all enterprise networks connected to the Internet use NAT.