Cisco – How to configure nat overload (pat)
Posted by Josh on Sun 23 Sep 2007Categories: Cisco , Cisco Routers - [20] Comments
I have had several requests for "router basics". This tutorial will show you how to translate your internal network into a single public ip address. Translating several internal or private addresses is called port address translation or PAT.
"PAT, or overloading, is a feature of Cisco IOS NAT and can be used to translate "internal" (inside local) private addresses to one or more "outside" (inside global, usually registered) IP addresses. Unique source port numbers on each translation are used to distinguish between the conversations. With NAT overload, a translation table entry containing full address and source port information is created." – Cisco.com
Here are the basics of PAT configuration
router#config t
router(config)#int f0/0
router(config-if)#ip nat inside
router(config-if)#int f1/0
router(config-if)#ip nat outside
router(config-if)#exit
router(config)#access-list 10 permit 10.100.100.0 0.0.0.255
router(config)#ip nat inside source list 10 interface f1/0 overload
router(config)#end
router#wr
October 27th, 2007 at 7:56 pm
[...] How to configure nat overload (pat) [...]
April 24th, 2008 at 1:25 am
how to download the tutorial
April 24th, 2008 at 12:20 pm
I didn’t make this one downloadable. Not for a particular reason … just forgot. I will try to post it soon.
June 30th, 2008 at 4:48 am
it’s naice explain and easy to understand
July 4th, 2008 at 9:38 pm
Straight to the point…thank you sir..
July 11th, 2008 at 2:31 pm
Thank you for a great post. Would you mind posting a tutorial on Cisco Nat on a stick? I have a 2600 router with one ethernet interface and i’m trying to use it to get my home network online using cisco gear, but I can’t find anything as well documented and explained using actual video like you do. I, and surely a lot of us out here will really appreciate it if you do.
Thanks,
George
July 13th, 2008 at 1:39 am
@George,
I have never tried nat on a stick. Can you explain a little more? Is the router connected to a switch and using vlans to separate inside from outside?
Josh
July 13th, 2008 at 10:27 am
Hi Josh,
Thanks for replying. From what i’ve gathered, nat on a stick involves the use of a router with a single physical ethernet interface and utilizes a virtual loopback interface to make up for the lack of another physical ethernet interface. The router is connected to a hub, as is the host PC or switch that connects host PCs. I have also heard of your description using a switch to connect to the single physical interface using VLANs to nat the inside to the outside, but I am even more confused about this process as far as how to configure nat for it to work. Maybe this is another post you can/should provide. I’m sure there are a lot of Cisco newbies like nyself with routers with single ethernet interfaces that would just LOVE TO HAVE access to configs like these to get online using their gear.
Thanks again Josh,
George
August 25th, 2008 at 1:12 pm
Hi Josh,
I return to this page quite regularly to see if you found the time, or even the inclination to post something on the NAT/PAT on a stick we discussed some time ago. Josh, please, post a demo of this type of config?
August 31st, 2008 at 12:59 am
George,
I honestly do not have time to do a tutorial on the nat/pat on a stick.
You might try these links:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094430.shtml
http://shzandi.blogspot.com/2008/07/ccie-lab-nat-on-stick.html
http://blog.internetworkexpert.com/2008/07/15/a-curious-nat-scenario/
Josh
September 12th, 2008 at 2:34 pm
Josh,
I completely understand, I can only imagine how busy you must be with request such as mine on this site, it was worth a shot.
Thanks for the links though, that was really considerate of you, those were really very helpful.
Best regards,
george
February 16th, 2009 at 8:12 am
nice.
it helped me to configure 3-x NAT
public.IP-LAN/NAT-router1/NAT-router2/NAT-PC
router1 and router2 were connected through E1
February 17th, 2009 at 11:40 am
Hi Josh,
you gave a cisco amateur an very nice ‘guide’ for a basic understanding in setting up a VPN and i’m proud to say i succeeded in my more ‘complex’ environment setup.
Thank you !
July 3rd, 2009 at 10:53 pm
Hello,
I think that this tutorial is great.
Is there a downloadable version available?
Thanks
tytto
July 18th, 2009 at 5:46 pm
If there is not a link on the post, there is not a downloadable version…sorry.
Josh
August 5th, 2009 at 6:15 am
hello,
good job and thank you
what is your video soft ?
June 7th, 2010 at 1:31 pm
Hi Josh,
Do you have a tutorial on how to configure a VPN with NAT hide before VPN. I need to create a tunnel betwen two companies but one of them works with public adresses and do not accept rfc 1819 addresses.
Thanks in advance
VN
August 18th, 2010 at 12:04 am
anybody can help me,i’m working with my Laborotory router on a stick. i have done correctly the configuration. but i want to share the internet connection to vlan1,vlan2,vlan3. If anyone can give me the sample configurations how to share connection.
Thanks in advance,
Waple02
August 18th, 2010 at 8:37 am
waple02,
If you have 3 sub interfaces and one interface for the public, it might look something like this.
int f0
ip address dhcp
ip nat outside
int f1
no ip address
int f1.1
encapsulation dot1q 1
ip address 192.168.1.1 255.255.255.0
ip nat inside
int f1.2
encapsulation dot1q 2
ip address 192.168.2.0 255.255.255.0
ip nat inside
int f1.3
encapsulation dot1q 3
ip address 192.168.3.0 255.255.255.0
ip nat inside
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 permit 192.168.2.0 0.0.0.255
access-list 10 permit 192.168.3.0 0.0.0.255
ip nat inside source list 1 interface f0 overload
This might not be exactly correct. Doing it all from memory. I will try to check my work later.
Josh
August 19th, 2010 at 12:02 am
@Josh,
Thanks for your help,i’ll wait for the confirmation of the configuration.
Waple02