Just about every person on the planet who connects to the Internet uses network address translation (NAT) to do it. But there are two kinds of NAT -- static and dynamic -- and you need to know how to configure them. So what kind of NAT do you use, and how do you configure NAT?
In this screencast and tip, you will learn:
- Why you need NAT to connect to the Internet and what it does for you.
- The differences among various kinds of NAT.
- How to configure static and dynamic NAT to connect to the Internet.
Let's get started…
What is NAT and why do you need it?
Why do you need NAT? If your network uses real public Internet IP addresses and your computer has one, then you probably don't need NAT. However, there may be almost no one on the planet whose network uses real public IP addresses because they are just so hard to get.
Private IP addresses usually start with 10, 172.16, or 192.168. Just about everyone who accesses the Internet uses private IP addresses, so they don't have to worry about allocating real public Internet IP addresses.
Network Address Translation is most commonly used to map these private IP addresses on your internal LAN to the real public IP addresses used on the Internet. NAT has a number of uses, but just about everyone uses it to connect to the Internet without giving it a thought.
In other words -- to make a general statement -- you need NAT to connect to the Internet.
NAT is configured and performed on your Internet router, where both networks are connected.
What are the different kinds of NAT?
There is more than one type of NAT. When configuring NAT, you can choose from:
- Static NAT: A one-to-one ratio of inside devices to outside IP addresses, usually used for Internet-facing servers that are expecting inbound traffic (such as Web or email servers).
- Pooled NAT/dynamic NAT: A pool of outside IP addresses is used and shared by inside (local private LAN) devices when connecting to the Internet.
- Port address translation (PAT)/NAT overload: A single IP address or pool of very few public/outside IP addresses is shared by private/inside devices on the local LAN. This is typically what is used on your home/SMB Internet NAT router.
How to configure static and dynamic NAT to connect to the Internet
Here is the configuration we will use in the screencast to configure static and dynamic NAT:
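! Outside (Internet-facing) interface
ip address 184.108.40.206 255.255.255.0
ip nat outside
! Inside (private LAN) interface
ip address 10.0.1.137 255.255.255.0
ip nat inside
! Static NAT: inbound SMTP, HTTP and HTTPS forwarded to the inside server 10.0.1.130
ip nat inside source static tcp 10.0.1.130 25 220.127.116.11 25
ip nat inside source static tcp 10.0.1.130 80 18.104.22.168 80
ip nat inside source static tcp 10.0.1.130 443 22.214.171.124 443
! Dynamic NAT: inside hosts permitted by access-list 7 share the addresses in mypool
ip nat pool mypool 126.96.36.199 188.8.131.52 netmask 255.255.255.0
ip nat inside source list 7 pool mypool
access-list 7 permit 10.0.1.0 0.0.0.255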
!--- Don't forget your ip route and access-list or stateful firewall commands ---!
Here are some "show" and "clear" commands you can use on your Cisco IOS router once you have configured NAT:
clear ip nat translation *
show ip nat statistics
show ip nat translations
debug ip nat
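Each static mapping in a configuration like the one above is reachable from the Internet, which is why the access-list or firewall reminder matters. The following Python sketch is an added example, not part of the original tip or screencast: it lists the inbound exposure created by the static NAT lines and flags a pool whose range does not fit its netmask or a dynamic rule that references an undefined pool or access list. The sample configuration is constructed, uses documentation addresses and assumed interface names, and contains deliberate errors.

```python
import ipaddress
import re

# Constructed sample (RFC 5737 documentation addresses, assumed interface names).
SAMPLE = """\
interface GigabitEthernet0/0
 ip nat outside
interface GigabitEthernet0/1
 ip nat inside
ip nat inside source static tcp 10.0.1.130 25 203.0.113.10 25
ip nat inside source static tcp 10.0.1.130 443 203.0.113.10 443
ip nat pool mypool 203.0.113.20 203.0.114.30 netmask 255.255.255.0
ip nat inside source list 7 pool mypool
ip nat inside source list 8 pool otherpool
access-list 7 permit 10.0.1.0 0.0.0.255
"""

STATIC = re.compile(r"ip nat inside source static (tcp|udp) (\S+) (\d+) (\S+) (\d+)$")
POOL = re.compile(r"ip nat pool (\S+) (\S+) (\S+) netmask (\S+)$")
DYNAMIC = re.compile(r"ip nat inside source list (\S+) pool (\S+)$")
ACL = re.compile(r"access-list (\S+) (?:permit|deny) ")


def audit_nat(config):
    """Return (exposed, findings): inbound static mappings and config errors."""
    exposed, findings, pools, acls, dynamic = [], [], set(), set(), []
    for line in map(str.strip, config.splitlines()):
        if m := STATIC.match(line):
            proto, in_ip, in_port, out_ip, out_port = m.groups()
            # Each static mapping is reachable from outside: it needs a filter rule.
            exposed.append(f"{out_ip}:{out_port}/{proto} -> {in_ip}:{in_port}")
        elif m := POOL.match(line):
            name, start, end, mask = m.groups()
            pools.add(name)
            net = ipaddress.ip_network(f"{start}/{mask}", strict=False)
            lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
            if hi not in net or hi < lo:
                findings.append(f"pool {name}: {start}-{end} is not one range inside {net}")
        elif m := DYNAMIC.match(line):
            dynamic.append(m.groups())
        elif m := ACL.match(line):
            acls.add(m.group(1))
    for acl, pool in dynamic:  # checked last so definition order does not matter
        if pool not in pools:
            findings.append(f"dynamic NAT uses undefined pool {pool}")
        if acl not in acls:
            findings.append(f"dynamic NAT uses undefined access-list {acl}")
    return exposed, findings
```

Calling `audit_nat(SAMPLE)` returns the two exposed services and three findings; the exposed list is the set of ports the outside access list or firewall has to account for.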
About the author:
David Davis is director of infrastructure at TrainSignal.com. He has a number of certifications, including CCIE #9369, MCSE, CISSP and VCP. David has authored hundreds of articles and six video training courses at Train Signal, with his most popular course being VMware ESX Server. His personal websites are HappyRouter.com and VMwareVideos.com.
This was first published in May 2009