Understanding Network Address Translation (NAT)

A Simple and Practical Guide for Networking Learners

The internet has grown far beyond what the original IPv4 addressing scheme was designed to support. With billions of devices now connected, IPv4 address exhaustion became a major challenge.

While IPv6 is the long-term solution, one technology has played a critical role in extending the life of IPv4:

Network Address Translation (NAT)

NAT allows multiple devices inside a private network to share a small number of public IP addresses when accessing the internet. This mechanism is widely used in home routers, enterprise networks, and ISP infrastructure.


Why NAT Exists

Every device on the internet must have a unique public IP address. However, the IPv4 address space contains only about 4.3 billion addresses, which is far fewer than the number of devices connected today.

To solve this limitation, networks use private IP addressing internally and translate those addresses into public IP addresses when communicating with the internet.


Private vs Public IPv4 Addresses

The concept of NAT depends on the difference between private and public IPv4 addresses.

Private IP Address Ranges

Defined by RFC 1918, these address ranges are reserved for internal networks:

| Range | Address Space |
| --- | --- |
| 10.0.0.0/8 | 10.0.0.0 – 10.255.255.255 |
| 172.16.0.0/12 | 172.16.0.0 – 172.31.255.255 |
| 192.168.0.0/16 | 192.168.0.0 – 192.168.255.255 |

Key Characteristics

  • Private addresses can be reused by any organization
  • They are not routable on the public internet
  • ISPs discard packets containing private IP addresses
  • They must be translated to public IPs using NAT before accessing the internet

Example:

Laptop IP: 192.168.1.10 (Private)
Router Public IP: 203.0.113.5

NAT translates:
192.168.1.10 → 203.0.113.5

Cisco NAT Terminology (Important for Exams)

When working with NAT, Cisco defines four key address types. Understanding these is crucial for configuration and troubleshooting.

| Term | Meaning |
| --- | --- |
| Inside Local | The private IP address of an internal host |
| Inside Global | The public IP representing the internal host |
| Outside Local | External host IP as seen from inside the network |
| Outside Global | The real IP address of the external host |

Example

Internal PC: 192.168.1.10
Public NAT IP: 203.0.113.5
Web Server: 8.8.8.8

| Type | Address |
| --- | --- |
| Inside Local | 192.168.1.10 |
| Inside Global | 203.0.113.5 |
| Outside Local | 8.8.8.8 |
| Outside Global | 8.8.8.8 |

In most typical scenarios:

Outside Local = Outside Global

because the router usually translates only the source address, not the destination.


Types of NAT

There are three main types of NAT used in networking.


1️⃣ Static NAT

Static NAT creates a permanent one-to-one mapping between a private IP address and a public IP address.

When is it used?

Typically for servers that must be accessible from the internet, such as:

  • Web servers
  • Mail servers
  • FTP servers

Example Mapping

192.168.1.10 → 203.0.113.10

Cisco Configuration

interface g0/0
ip nat inside

interface g0/1
ip nat outside

ip nat inside source static 192.168.1.10 203.0.113.10

Characteristics

  ✔ Manual configuration
  ✔ One-to-one translation
  ✔ Permanent mapping

2️⃣ Dynamic NAT

Dynamic NAT also provides one-to-one translation, but instead of manually assigning addresses, the router selects a public IP from a pool of available addresses.

How it works

  • Internal hosts send traffic
  • Router picks an available public IP from the pool
  • Translation is created temporarily

If the pool runs out of addresses, new requests are dropped.

Cisco Configuration

Step 1 — Define internal addresses

access-list 1 permit 10.0.0.0 0.0.0.255

Step 2 — Create NAT pool

ip nat pool PUBLIC_POOL 203.0.113.10 203.0.113.20 prefix-length 24

Step 3 — Bind ACL to pool

ip nat inside source list 1 pool PUBLIC_POOL

Characteristics

  ✔ Automatic
  ✔ One-to-one translation
  ✔ Uses a public IP pool
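
The three steps above, modelled in Python as an added example (not part of the original post and not router code): the ACL's wildcard mask selects which sources are translated, and the 11-address pool runs out on the twelfth host. The class and function names, and the "not-translated" and "dropped" result strings, are illustrative assumptions.

```python
import ipaddress


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard match: bits that are 0 in the wildcard must equal the base."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


class DynamicNat:
    """One-to-one dynamic NAT: each inside local borrows a whole pool address."""

    def __init__(self, acl, pool_start, pool_end):
        self.acl = acl  # (base, wildcard) taken from "access-list 1 permit ..."
        first = int(ipaddress.IPv4Address(pool_start))
        last = int(ipaddress.IPv4Address(pool_end))
        self.free = [str(ipaddress.IPv4Address(i)) for i in range(first, last + 1)]
        self.table = {}  # inside local -> inside global

    def translate(self, inside_local):
        if not wildcard_match(inside_local, *self.acl):
            return "not-translated"   # ACL selects traffic for NAT, it does not block
        if inside_local in self.table:
            return self.table[inside_local]
        if not self.free:
            return "dropped"          # pool exhausted, no mapping can be created
        self.table[inside_local] = self.free.pop(0)
        return self.table[inside_local]


def demo():
    # Values from the configuration above: ACL 10.0.0.0 0.0.0.255, pool .10 to .20.
    nat = DynamicNat(("10.0.0.0", "0.0.0.255"), "203.0.113.10", "203.0.113.20")
    results = {f"10.0.0.{h}": nat.translate(f"10.0.0.{h}") for h in range(1, 13)}
    results["10.0.1.5"] = nat.translate("10.0.1.5")   # outside the ACL's /24
    return results


if __name__ == "__main__":
    for src, out in demo().items():
        print(f"{src:>10} -> {out}")
```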

3️⃣ Dynamic PAT (Port Address Translation)

This is the most commonly used NAT type today.

PAT allows many internal devices to share a single public IP address by using different port numbers.

Because of this, PAT is also known as:

NAT Overload

Example

| Internal Host | Translated Address |
| --- | --- |
| 192.168.1.10 | 203.0.113.5:1025 |
| 192.168.1.11 | 203.0.113.5:1026 |
| 192.168.1.12 | 203.0.113.5:1027 |

The port number uniquely identifies each connection.

Configuration Using Interface

access-list 1 permit 192.168.1.0 0.0.0.255

ip nat inside source list 1 interface g0/1 overload

Characteristics

  ✔ Many-to-one translation
  ✔ Uses TCP/UDP port numbers
  ✔ Most common NAT implementation
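
A toy PAT table in Python, added here as an illustration (not code from the original post or from any router): it reproduces the example mapping above, then shows that return traffic is matched by public port and that an inbound packet with no table entry has no inside host to go to. Sequential port allocation from 1025 mirrors the table above and is an assumption; the class and method names are hypothetical.

```python
class PatTable:
    """Toy model of NAT overload: one public IP, one public port per inside flow."""

    def __init__(self, public_ip, first_port=1025):
        self.public_ip = public_ip
        self.next_port = first_port   # assumption: ports are handed out sequentially
        self.outbound = {}            # (proto, inside ip, inside port) -> public port
        self.inbound = {}             # (proto, public port) -> (inside ip, inside port)

    def translate_out(self, proto, inside_ip, inside_port):
        """Source-translate an outgoing flow, creating a mapping on first use."""
        key = (proto, inside_ip, inside_port)
        if key not in self.outbound:
            if self.next_port > 65535:
                return None           # port space exhausted, flow cannot be mapped
            self.outbound[key] = self.next_port
            self.inbound[(proto, self.next_port)] = (inside_ip, inside_port)
            self.next_port += 1
        return (self.public_ip, self.outbound[key])

    def translate_in(self, proto, public_port):
        """Map return traffic back to the inside host; None means no entry exists."""
        return self.inbound.get((proto, public_port))


def demo():
    pat = PatTable("203.0.113.5")
    # Three hosts all pick the same source port; the public port keeps them apart.
    sent = [pat.translate_out("tcp", f"192.168.1.{h}", 51000) for h in (10, 11, 12)]
    again = pat.translate_out("tcp", "192.168.1.10", 51000)  # existing flow, same mapping
    reply = pat.translate_in("tcp", 1026)                    # reply for the second host
    unsolicited = pat.translate_in("tcp", 4444)              # nothing inside opened this
    return sent, again, reply, unsolicited


if __name__ == "__main__":
    for item in demo():
        print(item)
```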

Essential NAT Verification Commands

When troubleshooting NAT on a Cisco router, these commands are extremely useful.

Show NAT Translations

show ip nat translations

Displays the active NAT table including:

  • Inside local
  • Inside global
  • Outside addresses
  • Port mappings
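
For reviewing a saved copy of this output, the following added Python example (not part of the original post) parses the table and separates address-only rows, which map a whole inside host to a public address, from port-translated rows that share one. The sample text is constructed in the usual IOS column layout using this guide's addresses, and the function names are hypothetical.

```python
# Constructed sample in the column layout IOS prints; not captured from a real router.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 203.0.113.5:1025   192.168.1.11:51000 8.8.8.8:443        8.8.8.8:443
tcp 203.0.113.5:1026   192.168.1.12:51000 8.8.8.8:443        8.8.8.8:443
udp 203.0.113.5:1027   192.168.1.12:53124 8.8.8.8:53         8.8.8.8:53
--- 203.0.113.10       192.168.1.10       ---                ---
"""

FIELDS = ("inside_global", "inside_local", "outside_local", "outside_global")


def split_endpoint(text):
    """'203.0.113.5:1025' -> ('203.0.113.5', 1025); a bare address or '---' -> (text, None)."""
    ip, _, port = text.partition(":")
    return (ip, int(port)) if port else (ip, None)


def parse_translations(output):
    rows = []
    for line in output.splitlines():
        cols = line.split()
        if len(cols) != 5 or cols[0] == "Pro":
            continue                      # skip the header and anything that is not a row
        row = {"proto": cols[0]}
        row.update({name: split_endpoint(col) for name, col in zip(FIELDS, cols[1:])})
        rows.append(row)
    return rows


def one_to_one(rows):
    """Address-only rows (static or dynamic NAT): (inside local, inside global) pairs."""
    return [(r["inside_local"][0], r["inside_global"][0]) for r in rows if r["proto"] == "---"]


def overloaded(rows):
    """Public address -> set of inside hosts sharing it through port translation."""
    shared = {}
    for r in rows:
        if r["inside_global"][1] is not None:
            shared.setdefault(r["inside_global"][0], set()).add(r["inside_local"][0])
    return shared


if __name__ == "__main__":
    table = parse_translations(SAMPLE)
    print(one_to_one(table))
    print(overloaded(table))
```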

Show NAT Statistics

show ip nat statistics

Displays information such as:

  • Total active translations
  • NAT hits and misses
  • Expired translations

Clear NAT Table

clear ip nat translation *

This removes all dynamic NAT entries.

Interface Configuration Requirement

For NAT to work correctly, interfaces must be defined properly.

| Command | Purpose |
| --- | --- |
| ip nat inside | Interface facing the internal network |
| ip nat outside | Interface facing the ISP or internet |

Example:

interface g0/0
ip nat inside

interface g0/1
ip nat outside

Important Note About ACLs in NAT

Many learners misunderstand the role of Access Control Lists (ACLs) in NAT.

In NAT configuration:

The ACL determines which traffic should be translated — not which traffic should be blocked.

It simply identifies the internal addresses eligible for NAT translation.

Quick NAT Revision Summary

| NAT Type | Translation | Configuration | Use Case |
| --- | --- | --- | --- |
| Static NAT | One-to-one | Manual | Public servers |
| Dynamic NAT | One-to-one | Automatic pool | Limited public IPs |
| Dynamic PAT | Many-to-one | Uses ports | Home/enterprise internet access |

Key Takeaway

Static NAT   → Manual one-to-one
Dynamic NAT  → Automatic one-to-one
Dynamic PAT  → Many-to-one (Overload)

Final Thoughts

Network Address Translation is one of the most important technologies in modern networking. Without it, the IPv4 internet would have run out of usable addresses long ago.

Even though IPv6 adoption is growing, NAT continues to play a major role in:

  • Home networks
  • Enterprise infrastructures
  • ISP networks

For networking students and engineers, understanding NAT deeply is essential for troubleshooting, configuration, and exam preparation.

Keep learning, keep building networks. 🌐


This post is licensed under CC BY 4.0 by the author.