How to configure PAT (Port Address Translation or NAT overload) in a Cisco Router
Static NAT is type of Network Address Translation (NAT) which is a one-to-one IP address mapping (one private IP address to one public IP address) and Dynamic NAT is a type NAT using many public IP addresses in a NAT address pool. Static NAT and Dynamic NAT therefore cannot be used providing internet access to inside users, because both require large number of IP public addresses.
PAT (Port Address Translation or NAT overload) is another Network Address Translation (NAT) technology, which can be used to provide internet access to inside users. In PAT (Port Address Translation or NAT overload), several inside private IP addresses can be translated to one or a few outside public IP addresses. PAT (Port Address Translation) is also known as NAT overload. The main advantage of PAT (Port Address Translation or NAT overload) is that it can be used efficiently for large number of inside private IP addresses even with a single public IP address.
PAT (Port Address Translation or NAT overload) uses unique source port number translation, instead of IP address translation. Port Numbers are 16-bit binary numbers and we have 65535 port numbers available. PAT (Port Address Translation or NAT overload) uses port numbers on Inside Global IP address to distinguish between translations. PAT (Port Address Translation or NAT overload) will try to keep the original source port from the inside private IP address. If this source port is already allocated to some other inside computer, PAT will allocate another port number.
To configure PAT (Port Address Translation or NAT overload) on a Cisco router, first you need to create an access list to identify the group of private inside IP addresses, which are allowed for NAT translation. That can be done by creating a standard IP access list.
Then you have to create a NAT pool, with a range public IP addresses (which your ISP (internet service provider) has allocated to you). This pool may contain even one public IP address also.
After creating an IP access list to identify the traffic and a pool of public IP addresses which your ISP (internet service provider) has allocated to you, you must configure NAT using “ip nat” command. Finally you must specify which is inside interface and which is outside interface.
The main difference between configuring Dynamic NAT and PAT (Port Address Translation or NAT overload) is the use of keywork "overload".
The configuration commands to configure PAT (Port Address Translation or NAT overload) is shown below.
omnisecu.com.R1>enable omnisecu.com.R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. omnisecu.com.R1(config)#access-list 10 permit 172.18.122.0 0.0.0.255 omnisecu.com.R1(config)#ip nat pool omnisecupool 108.160.236.251 108.160.236.251 netmask 255.255.255.0 omnisecu.com.R1(config)#ip nat inside source list 10 pool omnisecupool overload omnisecu.com.R1(config)#interface fa0/0 omnisecu.com.R1(config-if)#ip nat inside omnisecu.com.R1(config-if)#exit omnisecu.com.R1(config)#int fa0/1 omnisecu.com.R1(config-if)#ip nat outside omnisecu.com.R1(config-if)#exit omnisecu.com.R1(config)#exit omnisecu.com.R1#