NAT, PAT, overload, RFC 1631

Network Address Translation

NAT has developed because of short address spaces on the internet. There is no reason why LAN’s should have globally reachable IP addresses. So private address space is used in local LAN. And at the boarder router, addresses are translated into globally valid ip addresse. There can be many different kinds of mapping. For example you can map a number of local LAN addresses to one global address. N -> 1 Or you can map a group of local addresses to a group of global addresses N -> M. The special N -> 1 mapping is called „overload“ at cisco devices. Also clalled PAT (Port Address Transloation). Differnet inside addresses are mapped to one outside address over different TCP port mappings.
First important thing is to know about the mapping included with NAT. Cisco speaks of inside local, inside global, outside local and outside global mappings.

It’s important to know these terms good.

At first you have to decide witch interface is outside and witch is inside. The outside interface is for example the side connected to the WAN.
For understanding, keep in mind, local IP addresses are seen in the inside world and global IP addresses are seen in the outside world.

Here is an picture of these definitions and a description for a static overload definition.

static overload NAT

Here are the definitions for the NAT router:

ip nat inside source list 1 interface Serial0/0 overload

Where serial0/0 is the outside interface. You can also set the ip address of the outside interface:

ip nat inside source list 1 interface overload

Source list is an defined access list. This would be any addresses you would like to participate in port address translation:

access-list 1 permit

This would allow the subnet to be translated to the outside with ip add
Don’t forget to set on the inside interface:

interface ethernet0/0

ip nat inside

and on the outside interface:

interface serial0/0

ip nat outside
This is what is also called PAT (Port Address Translation).
The logic behind this, is a little bit different from what happens on a linux system for example. In the cisco world you sit in between the interfaces. In the linux world with iptables you concentrate on one interface and define most definitions there. Well there is not that much difference, but for me it was a kind of new, to understand cisco NAT.

The following solutions are possible:

static NAT:

it’s a one to one mapping. One indide address can be translated to one outside address.

Or PAT is possible. This is many inside addresses to one outside address.

dynamic NAT:

a group of inside addresses can be translated to a group or pool of outside addresses.

match host:

To assign the same host portion to an translated address. The network portion stays the same. For example to translate the address to


Leave a Reply