Introduction to NAT and PAT

Without network address translation (NAT) or port address translation (PAT) you probably wouldn’t be able to access the internet from your computer or at least you’ll be the only one in the house having internet access…in this lesson I want to give you an explanation of why and how we use NAT/PAT for Internet access.

Let’s start with a topology:

nat example network

On the left side we have a computer on our LAN with the IP address connected to a router. From our ISP we got the IP address and there’s a server on the Internet using IP address If our computer send something to the server what would be the source and destination IP address of the IP packet it will send?

without nat incoming packet

The source IP address will be our computer and the destination IP address will be the server as you can see in the IP packet in the picture above.

without nat return traffic

Once our server responds it will create an IP packet specifying the computer’s IP address as the destination and the source IP address will be its own IP address.

Is there anything wrong with this example? No, it’s perfectly fine except for one detail…the IP address of the computer and the IP address on the router are private IP addresses. Private IP addresses are meant for our LANs and public IP addresses are for the Internet.

This time we are going to configure NAT (Network Address Translation) and see what the difference is…

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You’ve Ever Spent on Your Cisco Career!
  • Full Access to our 739 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

559 Sign Ups in the last 30 days

100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: , ,

Forum Replies

  1. Hi William,

    You can’t simulate NAT traffic on the local router. If you want to see some NAT translations, you’ll have to send some traffic through your router. When I have to test something like this I like to use another router or switch as the “host” device. Some quick pings are enough to test NAT.


  2. Hi Rakesh,

    PAT means port address translation, this doesn’t mean that the source port is always changed though. Take a look at this example:

    How to configure PAT on Cisco IOS Router

    Look for the show ip nat translations command in that lesson. You can see the source ports remain the same, the router will only change these if two hosts happen to pick the same source port number.

    CGNAT stands for Carrier Grade NAT. Some ISPs don’t give their customers public IP addresses anymore but private IP addresses. The ISP will use NAT/PAT to put many customers behind a single public IP address.


  3. Hi Pavan,

    In most NAT/PAT examples, we only translate the source IP address.

    With bi-directional NAT, you can translate both the source and destination IP address at the same time.


  4. Hello Juan

    The rule is that RFC1918 IP addresses are not reachable or routable on the internet. That is a rule that ISPs are responsible for adhering to and implementing. There is no technological inability to routing these addresses, but by definition, everyone is required to adhere to it and that is why you cannot do it. But even if an ISP does accept them, when they try to hand them off to other networks, the routers on the Internet at large are configured to drop any such traffic.

    Cisco’s OCGs mention this because it is expected that all Internet network

    ... Continue reading in our forum

  5. yes, it was i suspected, that is a rule but not a technological inability.

    Thanks for your reply.

29 more replies! Ask a question or join the discussion by visiting our Community Forum