
Cisco PAT


8/3/2019 Cisco PAT

http://slidepdf.com/reader/full/cisco-pat 1/8


Set up Port Address Translation (PAT) in the Cisco IOS

By David Davis, CCIE, MCSE+I, SCSA
May 14, 2002, 7:00am PDT

Port Address Translation (PAT) is a special kind of Network Address Translation (NAT). It can provide an excellent solution for a company that has multiple systems that need to access the Internet but that has only a few public IP addresses. Let's take a look at the distinctions between NAT and PAT and see how they are typically used. Then, I'll show you how to configure PAT on a Cisco router.

Understanding PAT and NAT

Before discussing PAT, it will help to describe what NAT does in general. NAT was designed to be a solution to the lack of public IP addresses available on the Internet. The basic concept of NAT is that it allows inside/internal hosts to use the private address spaces (10/8, 172.16/12, and 192.168/16 networks — see RFC1918), go through the internal interface of a router running NAT, and then have the internal addresses translated to the router's public IP address on the external interface that connects to the Internet.

If you dig into NAT a little deeper, you will discover that there are really three ways to configure it. From these configurations, you can perform a variety of functions. The three configurations are:

PAT 

PAT is commonly known as “NAT overload” (or sometimes just “overload”). In this configuration, you have multiple clients on your inside network wanting to access an outside network (usually the Internet). You have only a few public IP addresses, far fewer than the number of clients, so you have to “overload” that real Internet IP address. In other words, you are mapping many inside clients to a single Internet IP address (many to one). For an illustration of PAT, see Figure A.

Figure A

Pooled NAT

Pooled NAT is similar to PAT except you have the luxury of having a one-to-one mapping of addresses. In other words, you have just as many inside network clients as you do outside network IP


You'll configure your Cisco router using seven commands. Let's assume that your Internet service provider gave you a 30-bit network containing two public IP addresses. This configuration would allow one address for your router and one address for your internal clients and devices. The first command you'll execute will tell the router which public IP address you want to use for PAT:

ip nat pool mypool 63.63.63.2 63.63.63.2 prefix 30

This command configures a pool (range) of IP addresses to use for your translation. In this case, we want only one address in our pool, which we will overload. We do this by assigning the same IP address (63.63.63.2) for the start and end of the pool.

The next command will tell your router which IP addresses it is allowed to translate:

access-list 1 permit 10.10.10.0 0.0.0.255

It's not a good idea to put “permit any” in the access list, even though you will occasionally see that as a recommendation in some sample configurations.  

The next command is:

ip nat inside source list 1 pool mypool overload

This command puts the pool definition and the access list together. In other words, it tells the router what will be translated to what. The overload keyword turns this into a PAT configuration. If you left out overload, you would be able to translate only one IP address at a time, so only one client could use the Internet at a time.

Next, you need to tell PAT/NAT what interfaces are the inside network and what interfaces are the outside network. Here's an example:

interface ethernet 0
 ip nat inside
interface serial 0
 ip nat outside

With these commands, your PAT configuration is finished. You have told the Cisco IOS you are translating your network A into a single IP address from network B, that network A is on the ethernet 0 interface and network B is on the serial 0 interface, and that you want to allow the inside network to overload the single IP address on the outside network.

Finally, verify that NAT works. This can be as simple as doing a ping command from your inside local host to an outside global host. If the ping succeeds, chances are you have everything configured correctly. You can also use the following Cisco IOS commands to confirm and troubleshoot:

show ip nat translations [verbose]
show ip nat statistics

With the translations command, you should see the translation that was created from your ping test. But watch out: The translations will disappear after their time-out expires. If you have configured overload, these time-outs are configurable by traffic type.
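The following is an added example, not part of the original article and not Cisco's implementation: a toy Python model of the configuration above, showing how the wildcard mask in access-list 1 decides which hosts are translated and why the one-address pool serves only a single inside host when overload is omitted. The function and class names, the sample flows, and the port-selection rule (keep the source port if it is free, otherwise take the next free port from 1024 up) are assumptions made for illustration; time-outs are not modelled.

```python
import ipaddress

def acl_permits(ip, net="10.10.10.0", wildcard="0.0.0.255"):
    """Model of 'access-list 1 permit 10.10.10.0 0.0.0.255' (wildcard 1-bits are ignored)."""
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.ip_address(ip)) & care) == (int(ipaddress.ip_address(net)) & care)

class InsideSourceNat:
    """Toy model of 'ip nat inside source list 1 pool mypool [overload]'."""

    def __init__(self, pool=("63.63.63.2",), overload=True):
        self.pool, self.overload = list(pool), overload
        self.table = {}   # (inside local ip, port) -> (inside global ip, port)
        self.owner = {}   # without overload: inside global ip -> inside local ip

    def translate(self, ip, port):
        if not acl_permits(ip):
            return None                        # not matched by the ACL: never translated
        if (ip, port) in self.table:
            return self.table[(ip, port)]      # existing entry is reused
        entry = self._overload(port) if self.overload else self._one_to_one(ip, port)
        if entry:
            self.table[(ip, port)] = entry
        return entry

    def _overload(self, port):
        # PAT: many inside hosts share one address, told apart by port (assumed rule).
        used = set(self.table.values())
        for gip in self.pool:
            for p in [port, *range(1024, 65536)]:
                if (gip, p) not in used:
                    return (gip, p)
        return None

    def _one_to_one(self, ip, port):
        # No overload: each pool address is bound to exactly one inside host.
        for gip in self.pool:
            if self.owner.setdefault(gip, ip) == ip:
                return (gip, port)
        return None                            # pool exhausted

def demo(overload):
    nat = InsideSourceNat(overload=overload)
    # Constructed sample flows: two hosts inside the ACL range, one outside it.
    flows = [("10.10.10.5", 40000), ("10.10.10.6", 40000), ("10.10.11.7", 40000)]
    return [nat.translate(ip, port) for ip, port in flows]

if __name__ == "__main__":
    for mode in (True, False):
        print("overload" if mode else "no overload", demo(mode))
```
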

Summary

You should now understand the differences between PAT, Pooled NAT, and Static NAT, and you should be able to do a basic PAT configuration with the Cisco IOS. For more information, check out the links below.

Additional resources

TechRepublic: "Learn why NAT can cause VPN connection problems"

TechRepublic: "Set up NAT using the Cisco IOS"

TechRepublic: "Use NAT to connect your network to the Internet"

Cisco: NAT Technical Tips Index

Cisco: How NAT Works

Cisco: Configuring Network Address Translation: Getting Started

Cisco: Frequently Asked Questions about Cisco IOS NAT

Cisco: IOS 12.2 Configuring Network Address Translation

Cisco: IOS 12.2 Overloading an Inside Global Address (PAT)

Cisco: IOS 12.2 IP Addressing Command Reference (including NAT commands)

PCWebopedia: NAT Definition

RFC1631: The IP Network Address Translator (NAT)

RFC1918: Address Allocation for Private Internets

Network Computing: Network Address Translation: Hiding in Plain Sight

Verizon: How Network Address Translation Works

Da Lan Tech: Network Address Translation for Beginners


NAT 

Ore' 4th May 2005

If I have 30 private IP addresses, and 15 public IP addresses, what is the best NAT configuration to deploy - would it be dynamic or PAT?


Pooled Nat with PAT 

  jatin.kapoor@... 24th Apr 2008

I firmly believe that you should go with both pooled NAT (dynamic NAT) with PAT. Assign a pool of 14 public addresses for dynamic translation and keep the last one for PAT, so that if more than 14 concurrent users are logged in simultaneously, they can connect using port mapping, i.e. PAT. Hope this will be helpful for you.


RE: Set up Port Address Translation (PAT) in the Cisco IOS 

meshack_baloyi@... 2nd Sep 2007

The information has helped me to grasp the basics of NAT and basic configuration. Thank you.
