Don R. Crawley, CCNA-certified, is president and chief technologist at soundtraining.net, the Seattle training firm specializing in business skills and technical training for IT professionals. He works with IT pros to enhance their work, lives, and careers. For a free subscription to soundbytes, Don's 60-second e-zine for IT pros with musings, rants, and how-to guides, click here.
Copyright (c) 2008 Don R. Crawley
Network Address Translation, better known simply as NAT, allows an outside address to represent a single or many inside addresses. There are several forms of NAT, but one of the most common is called NAT overloading, Port Address Translation, or simply PAT. PAT provides a many-to-one mapping with many inside private addresses mapped to one outside public address. We often see PAT used in home firewalls and routers to allow several home computers and perhaps a gaming console to use private addresses such as 192.168.1.1-100 and share a single registered public address on the Internet. The process is made possible by appending different port numbers to the source and destination addresses to create a unique connection. Given that there are more than 65,000 port numbers, you'll likely run out of bandwidth or system resources long before running out of translation slots!
Here are the four steps to configuring Port Address Translation (each step starts in configuration mode ("config t"):
1. Configure nat on your inside interface:
int e0/0
ip nat inside
2. Configure nat on your outside interface:
int e0/1
ip nat outside
3. Configure an access control list to allow the inside traffic to use NAT:
access-list 101 permit ip any any
4. Enable NAT overloading (PAT) on the outside interface:
ip nat inside source list 101 interface e0/1 overload
In this example, the "ip nat inside" and "ip nat outside" statements are used to tell the router which interface is considered inside and which interface is considered outside for the purpose of NAT. Interface Ethernet 0/0 is inside and Interface Ethernet 0/1 is outside. Your interfaces will probably different, for example you might be configuring "f0/0" or "gigabit 0/1", etc.
The access control list statement tells the router to permit all IP traffic to flow from any source to any destination. The number (101) is simply an ID that must match the number used in the "ip nat" statement. (Note that, in this case, the number must fall between 100 and 199 inclusive.)
The "ip nat insisde source list" statement tells the router which access control list to use to know the traffic to permit (access-list 101), the interface on which NAT will be performed (interface ethernet 0/1) and the form of NAT to perform (overload).
This configuration will allow any host on the inside subnet to share the outside interface for the purpose of going on the Internet. There is no restriction as to the type of traffic, nor are there any restricted hosts. Obviously, this configuration would only be acceptable in a small office or home type of network. Even then, you might want to limit hosts' access to the Internet by creating a more restrictive access control list.
- Related Videos
- Related Articles
- Ask / Related Q&A
- Cisco Router Selection
- Why Cisco Routers Offer A Comprehensive Network Solution For Your Business
- Configuring a Site-to-site Vpn Between Two Cisco Routers
- Pptp and Http Port Forwarding With Static Nat on a Cisco Router
- What to Know Before Upgrading Your Cisco Router
- Free Ccna Tutorial About Cisco Ios Software, Cisco Router Configuration Modes and Cisco Cli (command Line Interface)
- Securing Networks with Cisco Routers and Switches:642-503 Exam
- Securing Networks with Cisco Routers and Switches:642-503 Exam
HP Printer Help and Support
By: Joshep John | 03/07/2009HP (Hewlett-Packard) is one of the largest company which manufacturing Printers, personal computing device, enterprise servers, related storage devices as well as other imaging products. Printer gives your hard copy print out in test of graphic format.
Troubleshooting With Windows Defender
By: Alina wilson | 03/07/2009In current time, a lot of pc users are facing external threats like spywares, adwares, malwares and many more. Spyware Protect 2009, Antivirus 2009, Personal Antivirus are few of new spywares. Mostly it comes up with many fake alerts, messages and pop-ups on your computer
replacement laptop Dell PA-12 adapter choose
By: johnsunvalley | 03/07/2009replacement laptop Dell PA-12 adapter choose.
Use This Simple Free Reverse Phone Number Search To Find Out Who Owns Any Phone!
By: Grant L Dougan | 02/07/2009Today we show you the easy way to find out complete details about the owner of any phone. This free reverse phone lookup lets you discover any phone owner's name, address and even background details.
Replacing iphone parts – a modern necessity
By: Britney Simpson | 02/07/2009Technology will never cease to evolve and this is also the case with the iphones that appeared on the market a few years ago. Most people seem to have become addicted to these gadgets due to the fact that they are practical, functional, user friendly and easy to carry around. The tragedy occurs when the iphone breaks down and those who are used to it need to have it back and working as soon as possible. In this case, you have two options: you can either shop around for iphone parts or you can go
A Guide to Large and Grand Format Digital Printing Technology
By: Matthew Theobald | 02/07/2009This guide has been designed to help you understand the demands of the ever expanding digital print market. In this, and following articles, you will find an explanation of the technologies and applications and an overview of the products available.
Digital Printing and Large-Format Displays - Types of Ink
By: Matthew Theobald | 02/07/2009What are the different types of ink technology used in todays large format digital print industry and how do they differ? This article answers this question.
Pimp My Computer
By: The Geen Bug | 02/07/2009If your computer case has become boring to you, you could try to pimp it up and make it cooler, flashier, darker, funny or try
Configuring a Site-to-site Vpn Between Two Cisco Routers
By: Don R. Crawley | 10/12/2008 | ComputersLearn the steps for configuring a secure site-to-site Virtual Private Network (VPN) with Cisco routers.
How to Configure Ssh (secure Shell) for Remote Login on a Cisco Router
By: Don R. Crawley | 02/12/2008 | ComputersLearn how to configure SSH for secure remote login on a Cisco router in this soundtraining.net "how-to" guide. SSH replaces the notoriously non-secure Telnet protocol for remote login.
Understanding the Fundamentals of Ethernet
By: Don R. Crawley | 06/09/2008 | ComputersIn this brief article, you'll learn the basics of how Ethernet works in modern computer networks and cabling options for your network.
How to Get Help in Linux
By: Don R. Crawley | 04/09/2008 | ComputersThe Linux operating system includes substantial built-in help systems. In this article, veteran I.T. guy Don R. Crawley explains how to find and use Linux help systems.
The Three Secrets to Profitable Email Marketing
By: Don R. Crawley | 21/05/2008 | BusinessLegitimate email marketing is a very powerful tool for your business...if you use it correctly. In this concise article, you'll learn the three keys for profitable email marketing and how you can use it successfully in your business.
How to Create and Manage Access-control Lists on Cisco Asa and Pix Firewalls
By: Don R. Crawley | 30/04/2008 | ComputersLearn the fundamentals of building and managing access-control lists on a Cisco ASA or PIX firewall in this soundtraining.net "How-to" guide.
How to Create and Exchange Digital Documents
By: Don R. Crawley | 27/04/2008 | BusinessDigital documents are safer, more secure, easier to search, easier to send, and infinitely easier to store. In this article, you'll learn about the benefits of using digital documents and gain some practical ideas about how to start using digital documents in your business.
Automating Appointment Scheduling
By: Don R. Crawley | 24/04/2008 | BusinessLearn how to let your customers and clients manage their own appointments by automating the appointment scheduling process with free or low cost online tools. In this brief article, automation evangelist Don R. Crawley show you how to automate appointment scheduling with another way to go digital without going postal.