Configure and verify IPv4 Network Address Translation (NAT)

Exam: Cisco 200-301 - Cisco Certified Network Associate (CCNA)

Have you ever wondered whether each of the billions of devices around the globe has its own unique public IP address for accessing the Internet? The answer is "No". Routers block private IP addresses and allow only public IP addresses to reach the Internet. With the huge number of devices in use today, we would have exhausted all the available IPv4 public addresses, but the Network Address Translation (NAT) technique preserves a considerable number of IPv4 public addresses for future use.

NAT is a networking technique that enables a device or host assigned a private IP address to communicate with other devices through the Internet. A router configured with NAT and a unique public IP address makes this technique operational.

The different types of NAT techniques are:

  • Static NAT
  • Dynamic NAT
  • Port Address Translation (PAT) or NAT Overloading

Static NAT

Static NAT maps a single private IP address to a single public or registered IP address. This technique requires a unique public IP address for every device (one-to-one) on your network.

A home network connected to the Internet with a single PC or computer is an example of Static NAT. In this network, the private IP address of the device is mapped to the public IP address provided by the Internet Service Provider (ISP) so that traffic can be routed to the Internet.

Configuring Static NAT

Consider a home network with a private IP address 192.168.1.4 connecting to the Internet using a public IP address 121.13.4.1.

To configure Static NAT:

1. Configure the fast ethernet interface (f0/0) of the home router with the source IP address 192.168.1.4:

Home-router# configure terminal

Home-router(config)# int f0/0

Home-router(config-if)# ip address 192.168.1.4 255.255.255.0

Home-router(config-if)# no shutdown

Home-router(config-if)# ip nat inside

2. Configure the fast ethernet interface (f0/1) with the outgoing static NAT address 121.13.4.1:

Home-router(config-if)# int f0/1

Home-router(config-if)# ip address 121.13.4.1 255.255.255.0

Home-router(config-if)# no shutdown

Home-router(config-if)# ip nat outside

Home-router(config-if)# exit

3. Configure the home router to translate the private IP 192.168.1.4 to public IP 121.13.4.1 for the home network to get access to the Internet:

Home-router(config)# ip nat inside source static 192.168.1.4 121.13.4.1

The ISP router connecting to your home router will have a configuration similar to this to facilitate Internet connectivity:

ISP-Router# config terminal

ISP-Router(config)# int f0/0

ISP-Router(config-if)# ip address 121.13.4.1 255.255.255.0

ISP-Router(config-if)# no shutdown

Verifying Static NAT Configuration

1. Run the command show ip nat translations on your home router. The output is similar to this:

Home-router# show ip nat translations

Pro  Inside global   Inside local   Outside local   Outside global
---  121.13.4.1      192.168.1.4    ---             ---

2. (Optional) Ping the Public IP address and the ISP IP address to verify Static NAT configuration and connectivity.
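The verification step above can be automated by parsing the command output and comparing it with the mapping you intended to configure. This is an added example, not part of the original guide; the function names and the sample text are constructed for illustration. An unexpected static entry is worth flagging because a one-to-one translation makes the inside host reachable at its public address.

```python
import ipaddress

FIELDS = ("pro", "inside_global", "inside_local", "outside_local", "outside_global")

def _host(value):
    """Return the IPv4Address in 'a.b.c.d' or 'a.b.c.d:port', else None."""
    try:
        return ipaddress.IPv4Address(value.split(":")[0])
    except ValueError:
        return None

def parse_translations(text):
    """Turn 'show ip nat translations' output into a list of dicts."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        # Data rows have five columns and real addresses in columns 2 and 3;
        # this skips the prompt line, the header and blank lines.
        if len(parts) != 5 or _host(parts[1]) is None or _host(parts[2]) is None:
            continue
        entries.append(dict(zip(FIELDS, parts)))
    return entries

def check_static(entries, expected):
    """Compare parsed entries with the intended inside local -> inside global map."""
    problems = []
    seen = {e["inside_local"]: e["inside_global"] for e in entries}
    for local, glob in expected.items():
        if seen.get(local) != glob:
            problems.append(f"{local}: expected {glob}, found {seen.get(local)}")
    for local, glob in seen.items():
        if local not in expected:
            problems.append(f"{local}: unexpected translation to {glob}")
    return problems

# Constructed sample, using the addresses from the static NAT example.
SAMPLE = """\
Home-router# show ip nat translations
Pro  Inside global   Inside local   Outside local   Outside global
---  121.13.4.1      192.168.1.4    ---             ---
"""

if __name__ == "__main__":
    found = parse_translations(SAMPLE)
    print(check_static(found, {"192.168.1.4": "121.13.4.1"}) or "translations match")
```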

Dynamic NAT

Dynamic NAT allows you to map a single private IP address to a single public or registered IP address from a pool of public IP addresses. This technique does not require a static configuration on your router. You can have more private IP addresses in your network than there are public IP addresses in the pool. The router dynamically allocates public IP addresses from the pool.

A small or medium enterprise network that has 300 employees and a pool of 30 public IP addresses is an example of Dynamic NAT.

Configuring Dynamic NAT

Consider a small enterprise network that has 50 employees with private addresses in the 192.168.1.0/24 network. The ISP provides 12 public IP addresses (121.13.4.1 to 121.13.4.12) for the employees to connect to the Internet.

To configure dynamic NAT:

1. Configure a pool of public IP addresses:

Router(config)# ip nat pool pool-name first-ip last-ip { netmask netmask | prefix-length prefix-length }

Example:

Acme-Router(config)# ip nat pool NAT-Pool 121.13.4.1 121.13.4.12 netmask 255.255.255.0

2. Configure a standard access control list to define which internal traffic is allowed to reach the Internet:

Router(config)# access-list access-list-number permit source [wildcard-mask]

Example:

Acme-Router(config)# access-list 1 permit 192.168.1.0 0.0.0.255

3. Map the access list to the NAT pool:

Router(config)# ip nat inside source list access-list-number pool pool-name

Example:

Acme-Router(config)# ip nat inside source list 1 pool NAT-Pool

4. Configure the NAT inside and outside interfaces:

Router(config)# interface interface-name

Router(config-if)# ip nat inside

Router(config-if)# interface interface-name

Router(config-if)# ip nat outside

Example:

Acme-Router(config)# interface f0/0

Acme-Router(config-if)# ip nat inside

Acme-Router(config-if)# interface f0/1

Acme-Router(config-if)# ip nat outside

Verifying Dynamic NAT Configuration

1. Run the show ip nat translations command on your router. The output is similar to this:

Acme-Router# show ip nat translations

Pro  Inside global   Inside local   Outside local   Outside global
---  121.13.4.1      192.168.1.4    ---             ---
---  121.13.4.2      192.168.1.5    ---             ---
---  121.13.4.3      192.168.1.7    ---             ---

2. (Optional) Ping the Public IP addresses and the ISP IP address to verify Dynamic NAT configuration and connectivity.
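The scenario above has 50 hosts sharing 12 pool addresses, so it is worth seeing what happens to the 13th host. The following is an added example, not from the original guide: a simplified Python model of the ACL wildcard match and the pool allocation, with class and function names chosen for illustration. It assumes addresses are handed out in pool order and return to the pool when an entry expires.

```python
import ipaddress

def acl_permits(src, network, wildcard):
    """Standard ACL match: bits set in the wildcard mask are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    to_int = lambda a: int(ipaddress.IPv4Address(a))
    return (to_int(src) & care) == (to_int(network) & care)

class DynamicNat:
    """Simplified model of 'ip nat inside source list 1 pool NAT-Pool'."""

    def __init__(self, first_ip, last_ip, acl_network, acl_wildcard):
        first = int(ipaddress.IPv4Address(first_ip))
        last = int(ipaddress.IPv4Address(last_ip))
        self.free = [str(ipaddress.IPv4Address(a)) for a in range(first, last + 1)]
        self.acl = (acl_network, acl_wildcard)
        self.table = {}  # inside local -> inside global

    def translate(self, inside_local):
        """Return the inside global address, or None if no translation is made."""
        if not acl_permits(inside_local, *self.acl):
            return None  # source not matched by the access list
        if inside_local in self.table:
            return self.table[inside_local]  # existing entry is reused
        if not self.free:
            return None  # pool exhausted: this host gets no translation
        self.table[inside_local] = self.free.pop(0)
        return self.table[inside_local]

    def expire(self, inside_local):
        """Entry timed out or was cleared: its address returns to the pool."""
        self.free.append(self.table.pop(inside_local))

def run_example():
    nat = DynamicNat("121.13.4.1", "121.13.4.12", "192.168.1.0", "0.0.0.255")
    hosts = [f"192.168.1.{n}" for n in range(1, 51)]  # constructed: 50 employees
    return nat, {h: nat.translate(h) for h in hosts}

if __name__ == "__main__":
    nat, results = run_example()
    served = [h for h, g in results.items() if g]
    print(f"{len(served)} of {len(results)} hosts translated; pool left: {len(nat.free)}")
```

Only 12 of the 50 hosts hold a translation at any one time; the rest must wait for an entry to expire, which is the limitation PAT removes.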

Port Address Translation (PAT)

Port Address Translation (PAT) or NAT Overload uses different port numbers to map multiple devices on a local area network (LAN) to a single public IP address. The router maintains unique source port numbers on the inside global IP address to distinguish between translations.

PAT is the most popular NAT technique. It allows hundreds of devices with private IP addresses to connect to the Internet using one unique public IP address. PAT prevents IP address exhaustion and saves IPv4 address space for future use.

Configuring PAT

Consider Acme enterprise, which has 200 employees in one of its branches using the internal network 192.168.1.0/24. The company uses PAT with a single public IP address 121.13.4.1 for the employees to route to the Internet.

1. Configure inside and outside NAT interfaces:

RouterA(config)# interface internal-interface

RouterA(config-if)# ip nat inside

RouterA(config-if)# interface exit-interface

RouterA(config-if)# ip nat outside

Example:

Acme-Router(config)# interface fa0/0

Acme-Router(config-if)# ip nat inside

Acme-Router(config-if)# interface fa0/1

Acme-Router(config-if)# ip nat outside

2. Configure a standard access control list to define which internal traffic is allowed to reach the Internet:

Router(config)# access-list access-list-number permit source [wildcard-mask]

Example:

Acme-Router(config)# access-list 1 permit 192.168.1.0 0.0.0.255

3. Map the access list to the interface that is used for PAT:

Router(config)# ip nat inside source list access-list-number interface interface-name overload

Example:

Acme-Router(config)# ip nat inside source list 1 interface fa0/1 overload

Verifying PAT

1. Run the show ip nat translations command on your router. The output is similar to this:

Acme-Router# show ip nat translations

Pro  Inside global      Inside local   Outside local   Outside global
---  121.13.4.1:46389   192.168.1.4    ---             ---
---  121.13.4.1:46390   192.168.1.5    ---             ---
---  121.13.4.1:46391   192.168.1.7    ---             ---
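To show how unique source ports on the inside global address keep the translations apart, here is an added example (not from the original guide) that models a PAT table in Python. The class name is hypothetical, and the port selection is a simplifying assumption: keep the host's source port when it is free, otherwise take the next free one. The constructed sample has three hosts that all pick source port 46389.

```python
import ipaddress

class Pat:
    """Simplified model of 'ip nat inside source list 1 interface fa0/1 overload'."""

    def __init__(self, global_ip, inside_net):
        self.global_ip = global_ip
        self.inside_net = ipaddress.ip_network(inside_net)
        self.out = {}   # (proto, inside local ip, port) -> inside global port
        self.back = {}  # (proto, inside global port) -> (inside local ip, port)

    def outbound(self, proto, src_ip, src_port):
        """Return the (inside global ip, port) a packet leaves with, or None."""
        if ipaddress.ip_address(src_ip) not in self.inside_net:
            return None  # source not permitted by the access list
        key = (proto, src_ip, src_port)
        if key not in self.out:
            port = src_port  # assumption: try to keep the original source port
            for _ in range(65536):
                if (proto, port) not in self.back:
                    break
                port = port + 1 if port < 65535 else 1024
            else:
                raise RuntimeError("no free port on the inside global address")
            self.out[key] = port
            self.back[(proto, port)] = (src_ip, src_port)
        return (self.global_ip, self.out[key])

    def inbound(self, proto, dst_port):
        """Return the inside host a reply belongs to, or None if no entry exists."""
        return self.back.get((proto, dst_port))

if __name__ == "__main__":
    pat = Pat("121.13.4.1", "192.168.1.0/24")
    # Constructed sample: three inside hosts using the same source port.
    for host in ("192.168.1.4", "192.168.1.5", "192.168.1.7"):
        print(host, "->", pat.outbound("tcp", host, 46389))
    print("reply to port 46390 goes to", pat.inbound("tcp", 46390))
    print("packet to port 50000 matches", pat.inbound("tcp", 50000))
```

A packet arriving on a port with no table entry matches nothing and is not forwarded to any inside host.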

Exam Question

Which NAT type preserves the most public IP addresses?

  A. Static NAT
  B. Dynamic NAT
  C. PAT
  D. Inside Global address

Answer: C: PAT

PAT is the most efficient NAT technique for preserving public IP addresses.
