later they came up with the concept of private IP addresses, which are free to use without any restrictions but are not routable on the internet. With the introduction of NAT, this problem has been solved, and NAT also provides better security to the internal hosts because their private IP addresses are hidden behind the public IP address.
There are 4 options available to configure NAT and PAT:
- one to one dynamic NAT.
- one to one static NAT.
- one to many dynamic PAT.
- one to one static port forwarding.
Before heading to the configuration, we have to discuss some Cisco-defined terminology. From site A's view:
Inside local: this is the private network side, that is, all internal networks within an organization.
Inside global: the public network side, which is connected to the internet.
How to configure one to one dynamic NAT
First, we create a standard access list that permits the 192.168.1.0/24 network, so that we can use this access list to match all the hosts in that network.
ip access-list standard private
permit 192.168.1.0 0.0.0.255
Next, we have to tell the router which interface is inside and which is outside. The inside interface is connected to the internal private network and the outside interface is connected to the internet. This configuration is the same for all 4 options.
interface gi0/0
ip nat inside
exit
interface se0/3/0
ip nat outside
exit
Next, create a pool of public addresses. Each public IP address in the pool is dynamically mapped to the private IP address of one host.
ip nat pool public 30.30.30.3 30.30.30.5 netmask 255.255.255.0
Finally, the main command. Here the source is the access list, and the pool contains the public IP addresses. The pool name must match the name given in the ip nat pool command exactly, including case.
ip nat inside source list private pool public
How to configure one to one static NAT
ip nat inside source static 192.168.1.2 30.30.30.3
ip nat inside source static 192.168.1.3 30.30.30.4
Here we have mapped each host's private IP address to its own public IP address.
How to configure PAT (port address translation)
ip nat inside source list private interface se0/3/0 overload
Here the interface keyword points to the public IP address of the outside interface, and the overload keyword enables multiple internal hosts to share that single IP address. That IP address is 30.30.30.1 in this scenario.
How to configure port forwarding static
ip nat inside source static tcp 192.168.1.2 80 30.30.30.3 80 extendable
This is pretty similar to static NAT, but here you have to mention the local port and the global port. The extendable keyword is used to map multiple ports against that single IP address again and again.
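The four options above can be checked before they are pasted into a router. The following Python audit is an added example, not part of the original page: it flags a list or pool reference that was never defined, an overload rule pointing at an interface that is not marked outside, and every static mapping, since static NAT and port forwarding are the cases where an internal host is reachable from the internet. The helper name audit_nat and the sample config are constructed for illustration, and the check assumes interface names are written the same way everywhere in the config.

```python
import re

# Constructed sample in this page's style, with deliberate mistakes to catch.
SAMPLE = """\
ip access-list standard private
 permit 192.168.1.0 0.0.0.255
interface gi0/0
 ip nat inside
interface se0/3/0
 ip nat outside
ip nat pool public 30.30.30.3 30.30.30.5 netmask 255.255.255.0
ip nat inside source list private pool Public
ip nat inside source list private interface gi0/0 overload
ip nat inside source static tcp 192.168.1.2 80 30.30.30.3 80 extendable
"""

def audit_nat(config):
    """Return findings for an IOS-style NAT config (hypothetical helper)."""
    acls, pools, roles, findings, iface = set(), set(), {}, [], None
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    for line in lines:  # pass 1: collect ACL, pool and interface-role definitions
        if m := re.match(r"ip access-list standard (\S+)", line, re.I):
            acls.add(m.group(1))
        elif m := re.match(r"access-list (\d+) ", line, re.I):
            acls.add(m.group(1))
        elif m := re.match(r"ip nat pool (\S+)", line, re.I):
            pools.add(m.group(1))
        elif m := re.match(r"interface (\S+)", line, re.I):
            iface = m.group(1).lower()
        elif m := re.match(r"ip nat (inside|outside)$", line, re.I):
            roles[iface] = m.group(1).lower()
    for line in lines:  # pass 2: check every translation rule against them
        if m := re.match(r"ip nat inside source list (\S+) (pool|interface) (\S+)", line, re.I):
            acl, kind, target = m.groups()
            if acl not in acls:
                findings.append(f"undefined ACL '{acl}'")
            if kind.lower() == "pool" and target not in pools:
                findings.append(f"undefined pool '{target}' (names are case-sensitive)")
            if kind.lower() == "interface" and roles.get(target.lower()) != "outside":
                findings.append(f"overload on '{target}', not an outside interface")
        elif m := re.match(r"ip nat inside source static (?:(tcp|udp) (\S+) (\d+)|(\S+))", line, re.I):
            proto, host, port, whole = m.groups()
            svc = f"{host} {proto.lower()}/{port}" if proto else f"{whole} all ports"
            findings.append(f"static mapping exposes {svc} to the outside")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_nat(SAMPLE)))
```

A static-mapping finding is not an error in itself; it is the list of internal services that NAT no longer hides and that should be covered by an access list or firewall rule.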