CCNA study notes on Network Address Translation (NAT)

Cisco Certified Network Associate (CCNA)


1. NAT (Network Address Translation) can be broadly classified as below:

NAT allows several hosts be connected to Internet by using fewer globally unique IP addresses. This in turn results in conserving the scarce public IP addresses. The terms public / global is used in the sense that the IP addresses are globally unique and officially registered.

NAT supports load sharing on inside machines. The inside machines are accessed in a round robin fashion, thus sharing load.

NAT offers some degree of security since IP addresses are not easily traceable. This is because, the actual host IP that is accessing the Internet is translated into outside IP address and vice versa. Thus, NAT offers protection against hacking.

One disadvantage of NAT is that it increases delay. This is obvious since address translation is involved.

Another disadvantage of NAT is that, when an application uses physical IP address, it may not function properly. This is because the physical IP address is changed by NAT.

3. When you are configuring NAT, NAT should be enabled on at least one inside and one outside interface. The command for enabling NAT on inside interface is:

R(config-if)#ip nat inside

The command for enabling NAT on the outside interface is:

R(config-if)#ip nat outside

Remember to enter into appropriate configuration modes before entering the commands. Usually, the inside NAT will be configured on an Ethernet interface, whereas the outside NAT is configured on a serial interface.

The command, ip nat inside source static <local ip> <global ip> configures address translation for static NAT.

The command, ip nat inside source list <access-list-number pool> <name> is used to map the access-list to the IP NAT pool during the configuration of Dynamic NAT.

4. The following command configures a static NAT translation by mapping inside local address to the inside global address.

ip nat inside source static

Here, is the inside local address, and is the inside global address. A packet’s source address is changed to by the NAT device.

5. Enable dynamic NAT on an interface include the following:

1. Defining a standard IP access-list using the command: access-list <access-list-number> {permit | deny} <local-ip-address>

2. Defining an IP NAT pool for the inside network using the command: ip nat pool <pool-name> <start-ip> <end-ip> {netmask <net-mask> | prefix-length <prefix-length>} [type-rotary]

Note that type-rotary is optional command. It indicates that the IP address range in the address pool identifies hosts among which TCP load is distributed.

3. Mapping the access-list to the IP NAT pool by using the command: ip nat inside source list <access-list-number> pool <pool-name>

4. Enabling NAT on at least one inside and one outside interface using the command: ip nat {inside | outside}

6. The syntax for enabling dynamic NAT to translate many inside hosts to an inside global IP address is: ip nat inside source list <access-list-number> pool <pool-name> overload

where <access-list-number> is the standard access list number, and <pool-name> is the pool name.

Note that the option 'overload' specifies many to one relationship.

This configuration is typically used when many hosts with private IP addresses need to access Internet through a specified globally unique IP address.

7. The following two statements are true about dynamic NAT translations:

Previous  Up  Next  

CertExams Blog! Facebook Page Twitter Page Certexams on YouTube

Disclaimer: is neither associated nor affiliated with Cisco® Systems, Inc. or any other company. CCNA, CCNP are trademarks of Cisco® Systems and duly acknowledged. The cheatsheets and practice tests material is a copyright of and the same is not approved or endorsed by respective certifying bodies.