This chapter provides information and commands concerning the following topics:
Private IP addresses: RFC 1918
Configuring dynamic Network Address Translation: One private to one public address translation
Configuring PAT: Many private to one public address translation
Configuring static NAT: One private to one permanent public address translation
Verifying NAT and PAT configurations
Troubleshooting NAT and PAT configurations
The following table lists the address ranges as specified in RFC 1918 that anyone can use as internal private addresses. These will be your “inside-the-LAN” addresses that will have to be translated into public addresses that can be routed across the Internet. Any network is allowed to use these addresses; however, these addresses are not allowed to be routed onto the public Internet.
Note
For a complete configuration of Network Address Translation (NAT)/Port Address Translation (PAT) with a diagram for visual assistance, see the sample configuration at the end of this chapter.
Dynamic Address Translation (Dynamic NAT) maps unregistered (private) IP addresses to registered (public) IP addresses from a pool of registered IP addresses.
PAT maps multiple unregistered (private) IP addresses to a single registered (public) IP address (many to one) using different ports. This is also known as overloading or overload translations. By using PAT or overloading, thousands of users can be connected to the Internet by using only one real registered public IP address.
You can have an IP NAT pool of more than one address, if needed. The syntax for this is as follows:
Corp(config)#ip nat pool scott 64.64.64.70 64.64.64.75 netmask 255.255.255.128
You would then have a pool of six addresses (and all their ports) available for translation.
Note
The theoretical maximum number of translations between internal addresses and a single outside address using PAT is 65,536. Port numbers are encoded in a 16-bit field, so 2^16 = 65,536.
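A simplified model of the translation table behind an overloaded pool, added here as an illustration (it is not from the original chapter and is not Cisco's allocation algorithm). It uses the address range of the pool scott shown above; the inside addresses, the 1024 and up port range, and the keep-the-port-then-first-free policy are assumptions.

```python
import ipaddress
from itertools import chain

PORTS_PER_ADDRESS = 2 ** 16  # 16-bit port field: 65,536 values per address


class PatTable:
    """Simplified model of an overloaded NAT pool for a single protocol."""

    def __init__(self, first, last, ports=range(1024, PORTS_PER_ADDRESS)):
        lo, hi = (int(ipaddress.IPv4Address(a)) for a in (first, last))
        self.pool = [str(ipaddress.IPv4Address(n)) for n in range(lo, hi + 1)]
        self.ports = ports  # assumption: well-known ports are not handed out
        self.out = {}       # (inside ip, port) -> (global ip, port)
        self.back = {}      # (global ip, port) -> (inside ip, port)

    def capacity(self):
        return len(self.pool) * len(self.ports)

    def translate_outbound(self, inside_ip, inside_port):
        key = (inside_ip, inside_port)
        if key in self.out:  # existing flow keeps its translation
            return self.out[key]
        for addr in self.pool:
            # Modelling assumption: try to keep the source port, then take
            # the first free port; move to the next pool address when full.
            for port in chain([inside_port], self.ports):
                if port in self.ports and (addr, port) not in self.back:
                    self.out[key] = (addr, port)
                    self.back[(addr, port)] = key
                    return addr, port
        raise RuntimeError("NAT pool exhausted: no free address/port pair")

    def translate_inbound(self, global_ip, global_port):
        # Return traffic is delivered only if an entry exists; anything
        # else has no inside owner and is dropped (None).
        return self.back.get((global_ip, global_port))


if __name__ == "__main__":
    # Constructed sample flows; the inside addresses are hypothetical.
    nat = PatTable("64.64.64.70", "64.64.64.75")
    print(nat.capacity())
    print(nat.translate_outbound("172.16.10.10", 40000))
    print(nat.translate_outbound("172.16.10.11", 40000))
    print(nat.translate_inbound("64.64.64.70", 1024))
    print(nat.translate_inbound("64.64.64.70", 2222))
```

The reverse lookup is what ties a public address and port seen in an outside log back to one inside host, and it only works while the entry is still in the table.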
Static Address Translation (Static NAT) allows one-to-one mapping between local (private) and global (public) IP addresses.
Caution
Make sure that you have in your router configurations a way for packets to travel back to your NAT router. Include a static route on the ISP router defining a path to your NAT addresses/networks and how to travel back to your internal network. Without this in place, a packet can leave your network with a public address, but it cannot return if your ISP router does not know where the public addresses exist in the network. You should be advertising the public addresses, not your private addresses.
Note
The default timeout for a translation entry in a NAT table is 24 hours.
Figure 22-1 shows the network topology for the PAT configuration that follows using the commands covered in this chapter.