Network Address Translation “NAT”

Nat allows a single device to act as an Internet gateway for internal LAN clients by translating the clients’ internal network IP Addresses into the IP Address on the NAT-enabled gateway device.In other words, NAT runs on the device that’s connected to the Internet and hides the rest of your network from the public.NAT is transparent to your network, meaning all internal network devices are not required to be reconfigured in order to access the Internet. All that’s required is to let your network devices know that the NAT device is the default gateway to the Internet.

From the diagram above you can see 3 hosts ( pc ) and the router ( gateway ) and the internet . Hosts are using and And 1 public address that connect to the internet .

for example if PC 1 want to reach a host on the internet with an IP of this is how the packet travel :

1- PC1 send a packet with a destination ip of with a source ip of and a source port  80 and destination port 4000 .
2- After the packet pass the router after the NAT  the new packet has a destination ip with a source ip and a source port  80 and destination port 4000

All possible because of the router NAT TABLE !

The NAT table track everything that goes in and out of the interfaces .


Static NAT allow internal private hosts to be accessible from your private network or internet .

From the diagram above lets say a host outside or private network wants to connect to PC 1 we will need to configure a static NAT :

On Router :
(config)#ip nat source inside ( local pc ip) ( outside globlal ip )
then we need to configure the inside , outside interface
(config)#interface fa 0/0
(config-if)#ip nat inside
(config)#interface serial 0/0
(config-if)#ip nat outisde
Dont forget that a static route must be made to reach your global address to your router from your ISP

Dynamic NAT

For private network to access the internet :

On Router :

Configure the inside , outside interface
(config)#interface fa 0/0
(config-if)#ip nat inside
(config)#interface serial 0/0
(config-if)#ip nat outisde
Create an access-list 
ip access-list 1 permit
Then you need to apply it 
ip nat source list 1 interface or next hop ip adsress

i will continue to update this section because there is a lot more to it .

Port Address Translation (  NAT Overload )


NAT Order of Operation

NAT Overview

Leave a Comment