Cisco Basics: NAT and PAT

Address translation, commonly referred to as either NAT or PAT, is the process of altering traffic as it passes through a router so that it appears to come from different addresses. Address translation is particularly useful because of the limited supply of IPv4 addresses: a network can have a much larger number of internal-only addresses behind a smaller number (usually one) of public internet addresses.

The translation process is performed by a router, usually on the edge of a network, connecting to an internet service provider. In routed networks, usually just the source and destination MAC addresses are changed as packets pass through routers. With address translation, the source IP address (and port) is also changed.

Generally speaking, there are two types of address translation:

  • NAT
    Network Address Translation translates the source address to one from a list of public addresses. The downside to this approach is that for each internal host on the network you also need an external address.
  • PAT
    Port Address Translation usually has a single outside IP address and alters the source port when traffic leaves the router. That way, return traffic can be mapped back to the internal addresses.
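
To make the PAT mapping concrete, here is a small Python model of a translation table. It is an added example, not code from the original post and not Cisco's implementation; the addresses, the `PatRouter` name and the port-allocation policy are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class PatRouter:
    """Toy PAT table: many inside hosts share one public IP (illustrative only)."""
    public_ip: str
    first_port: int = 1024
    out_map: dict = field(default_factory=dict)  # (proto, inside_ip, inside_port) -> public_port
    in_map: dict = field(default_factory=dict)   # (proto, public_port) -> (inside_ip, inside_port)

    def _free_port(self, proto, preferred):
        # Assumed policy: keep the original source port if unused, else take the next free one.
        if (proto, preferred) not in self.in_map:
            return preferred
        port = self.first_port
        while (proto, port) in self.in_map:
            port += 1
            if port > 65535:
                raise RuntimeError("port pool exhausted")
        return port

    def outbound(self, proto, src_ip, src_port):
        """Translate the source of a packet leaving the inside network."""
        key = (proto, src_ip, src_port)
        if key not in self.out_map:
            public_port = self._free_port(proto, src_port)
            self.out_map[key] = public_port
            self.in_map[(proto, public_port)] = (src_ip, src_port)
        return self.public_ip, self.out_map[key]

    def inbound(self, proto, dst_port):
        """Map a packet arriving on the public IP back to an inside host.
        Returns None when no translation exists, so the packet is not forwarded."""
        return self.in_map.get((proto, dst_port))

def demo():
    # Constructed sample: two inside hosts use the same source port at the same time.
    router = PatRouter(public_ip="203.0.113.1")
    a = router.outbound("tcp", "192.168.1.10", 50000)
    b = router.outbound("tcp", "192.168.1.11", 50000)
    reply_a = router.inbound("tcp", a[1])
    reply_b = router.inbound("tcp", b[1])
    unsolicited = router.inbound("tcp", 3389)  # no inside host opened this mapping
    return a, b, reply_a, reply_b, unsolicited

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The last lookup returns `None` because inbound traffic is only forwarded when an inside host has already created the mapping. That is a side effect of the table, not a substitute for firewall rules.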

Cisco has a few different NAT configurations depending on the scenario; I’ll cover them in more detail below. Before we get started, let’s assume we have the following configuration:

! Internal interface representing a LAN
interface FastEthernet0/1
 ip address

! Outside interface representing the internet
interface FastEthernet0/2
 ip address

The first thing we need to do is specify which interface is inside our network and which is outside:

Router(config)# int Fa0/1
Router(config-if)# ip nat inside
Router(config-if)# int Fa0/2
Router(config-if)# ip nat outside

When executing the “ip nat inside/outside” commands, the router may hang for a second; this is normal behaviour. It doesn’t usually happen in Packet Tracer but may on production devices.