Get Full Access to our 739 Cisco Lessons Now Start $1 Trial
You are here: Home » Cisco » CCNA Routing & Switching ICND1 100-105

How to configure PAT on Cisco IOS Router

I have covered the configuration of static NAT and dynamic NAT in previous lessons, now it’s time for PAT. This is the topology we’ll use:

nat 2 hosts inside outside

Let’s prepare the hosts. I am using normal Cisco routers with “ip routing” disabled to turn them into dumb hosts:

Host1(config)#no ip routing
Host1(config)#default gateway 192.168.123.3
Host2(config)#no ip routing
Host2(config)#ip default-gateway 192.168.123.3

Next step is to configure NAT:

NAT(config)#interface fastEthernet 0/0
NAT(config-if)#ip nat inside 
NAT(config)#interface fastEthernet 1/0
NAT(config-if)#ip nat outside

So far so good, let’s create an access-list that matches both hosts:

NAT(config)#access-list 1 permit 192.168.123.0 0.0.0.255

And finally we’ll configure PAT:

NAT(config)#ip nat inside source list 1 interface fastEthernet 1/0 overload

I select access-list 1 as my inside source and I will translate them to the IP address on FastEthernet 1/0. The big magic keyword here is overload. If you add this we will enable PAT!

Let’s give it a test run shall we?

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You’ve Ever Spent on Your Cisco Career!
  • Full Access to our 739 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)
Give Membership a try - it's just $1 ►

523 Sign Ups in the last 30 days

satisfaction-guaranteed
100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: , ,

Forum Replies

  1. Hi Karthik,
    These terms can be quite confusing–I am still baffled why Cisco continues to use them! This is what has helped me …

    As you know, there are four possible varieties:

    1. Inside Local
    2. Inside Global
    3. Outside Local
    4. Outside Global

    Notice the left word is always either “Inside” or “Outside.” Think of this as the origin of the packet with respect to a NAT. Did the packet originate inside or outside the NAT?

    The word on the right is always either “Local” or “Global.” Think of this as where you have captured the packet you are looking at with respect to the

    ... Continue reading in our forum

  2. Hi Jason,

    That’s right. You’ll need to create a match statement for each source network that should be translated (or create one statement that matches multiple networks).

    Your NAT router looks for the source IP address in the packets that it receives, if it matches an access-list entry, it will translate it.

    Rene

  3. This been tested? How is host 1 which is on the 192.168.12.0/24 network going to reach the 192.168.23.0/24 network since it has no routes there? I can see it being able to reach 192.168.23.2 as its on the NAT router.

    However it will not reach 192.168.23.3 which is IP address of Web1

    Host1#ping 192.168.23.3

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.23.3, timeout is 2 seconds:

    Success rate is 0 percent (0/5)

    //cdn-forum.networklessons.com/uploads/default/original/2X/6/65afc35c0cce4d0dc5c8c4b604286e10c00d0aa1.jpeg

    nor can you

    ... Continue reading in our forum

  4. Hello Meihua

    The quick and simple answer is, you don’t have to. Why? Let’s take a look at an example.

    Let’s say you have the following three devices on the internal network with these parameters:

    • Host 1, IP address 10.10.10.10, communicating with a Web server on the Internet
    • Host 2, IP address 10.10.10.11 connected to an email server on the Internet
    • Host 3, IP address 10.10.10.12 connected to an FTP server on the Internet

    Al three are sharing the same external IP address of 201.12.12.12.

    Let’s say that Host 1 is the first to make a connection using a local

    ... Continue reading in our forum

  5. Lazaros:
    Many thanks for your reply. It really explains to me. I like it so much.
    Thanks again.
    Melina

20 more replies! Ask a question or join the discussion by visiting our Community Forum