Implementation of Five NAT Modes on Huawei Devices
Static NAT Configuration
Static NAT provides a one-to-one mapping between internal private IP addresses and external public IP addresses. This method is often used to allow external users to access specific internal resources using a consistent public address.
[Gateway-GigabitEthernet0/0/1] nat static global 202.100.1.5 inside 192.168.10.10
[Gateway-GigabitEthernet0/0/1] nat static global 202.100.1.6 inside 192.168.10.11
While Static NAT ensures reachability, it is inefficient for general internet access as it consumes one public IP per internal host.
Dynamic NAT Implementation
Dynamic NAT uses a pool of public IP addresses. When internal hosts initiate traffic, they are assigned a public IP from the pool on a first-come, first-served basis. By default, Dynamic NAT without Port Address Translation (PAT) still maintains a one-to-one mapping during the session.
[Gateway] nat address-group 1 202.100.1.10 202.100.1.20
[Gateway] acl 2001
[Gateway-acl-basic-2001] rule 5 permit source 192.168.10.0 0.0.0.255
[Gateway-acl-basic-2001] quit
[Gateway] interface GigabitEthernet 0/0/1
[Gateway-GigabitEthernet0/0/1] nat outbound 2001 address-group 1 no-pat
The no-pat keyword ensures that only the IP address is translated without changing the source port.
Network Address Port Translation (NAPT)
NAPT is the most common form of NAT. It allows multiple internal hosts to share a single public IP address by translating both the IP address and the transport layer port numbers. This significantly conserves public IPv4 addresses.
[Gateway-GigabitEthernet0/0/1] undo nat outbound 2001 address-group 1 no-pat
[Gateway-GigabitEthernet0/0/1] nat outbound 2001 address-group 1
By removing the no-pat parameter, the system uses port multiplexing, allowing thousands of simultaneous sessions over a limited number of public IPs.
Easy IP Configuration
Easy IP is a variation of NAPT specifically designed for scenarios where the public IP address of the WAN interface is assigned dynamically (e.g., via DHCP or PPPoE). It uses the interface's own IP address as the translation source.
[Gateway-GigabitEthernet0/0/1] undo nat outbound 2001 address-group 1
[Gateway-GigabitEthernet0/0/1] nat outbound 2001
This approach eliminates the need for an address group, making it ideal for SOHO (Small Office/Home Office) environments and branch offices with dynamic uplinks.
NAT Server (Port Forwarding)
NAT Server, or destination NAT, is used to expose internal services to the public internet. It maps a specific public IP and port to an internal private IP and port.
[Gateway-GigabitEthernet0/0/1] nat server protocol tcp global 202.100.1.5 80 inside 192.168.10.100 80
[Gateway-GigabitEthernet0/0/1] nat server protocol tcp global 202.100.1.5 22 inside 192.168.10.101 22
In this configuration, HTTP traffic sent to the public address 202.100.1.5 on port 80 is forwarded to the internal server at 192.168.10.100, and SSH traffic sent to the same address on port 22 is forwarded to 192.168.10.101.
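The following is an added example, not part of the original article and not Huawei tooling: a Python script that lists the inbound exposure created by the static NAT and NAT Server lines shown above, for review of what is reachable from outside. It parses only the two syntax forms that appear on this page; the admin-port list, the function names and the embedded sample are assumptions.

```python
import re

# Constructed sample: the NAT lines from this page, CLI prompts removed.
SAMPLE_CONFIG = """\
nat static global 202.100.1.5 inside 192.168.10.10
nat static global 202.100.1.6 inside 192.168.10.11
nat outbound 2001 address-group 1
nat server protocol tcp global 202.100.1.5 80 inside 192.168.10.100 80
nat server protocol tcp global 202.100.1.5 22 inside 192.168.10.101 22
"""

# Assumption: ports treated as remote-administration services during review.
ADMIN_PORTS = {22: "ssh", 23: "telnet", 3389: "rdp"}

STATIC_RE = re.compile(r"nat static global (\S+) inside (\S+)")
SERVER_RE = re.compile(
    r"nat server protocol (\w+) global (\S+) (\d+) inside (\S+) (\d+)")


def inbound_exposure(config):
    """Return one dict per rule that makes an inside host reachable from outside."""
    findings = []
    for raw in config.splitlines():
        # Drop a prompt such as "[Gateway-GigabitEthernet0/0/1] " if present.
        line = re.sub(r"^\[[^\]]*\]\s*", "", raw.strip())
        if m := STATIC_RE.fullmatch(line):
            # One-to-one mapping: every port of the inside host is translated.
            findings.append({"kind": "static", "global": m[1], "inside": m[2],
                             "iport": None, "note": "all ports mapped"})
        elif m := SERVER_RE.fullmatch(line):
            admin = ADMIN_PORTS.get(int(m[5]))
            findings.append({"kind": "server", "global": m[2], "inside": m[4],
                             "iport": int(m[5]),
                             "note": f"admin service ({admin}) exposed"
                             if admin else "published service"})
    return findings


def shared_global_ips(findings):
    """Global IPs used by both a static mapping and a NAT Server rule."""
    static_ips = {f["global"] for f in findings if f["kind"] == "static"}
    server_ips = {f["global"] for f in findings if f["kind"] == "server"}
    return sorted(static_ips & server_ips)


if __name__ == "__main__":
    results = inbound_exposure(SAMPLE_CONFIG)
    for f in results:
        print(f)
    print("global IPs in both rule types:", shared_global_ips(results))
```

Run against the page's own lines, it reports the port 22 mapping as an exposed admin service and shows that 202.100.1.5 appears in both a static mapping and NAT Server rules, which is worth checking before combining the examples on one interface.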
Technical Summary of NAT Types
- Static NAT: Manual one-to-one mapping. Useful for fixed server visibility but lacks scalability.
- Dynamic NAT (No-PAT): Uses an address pool for one-to-one temporary mapping. Better management than Static NAT but still limited by pool size.
- NAPT: Port-based multiplexing using an address pool. High scalability for many internal users.
- Easy IP: Interface-based NAPT. Simplifies configuration and handles dynamic public IP addresses effectively.
- NAT Server: Destination NAT for incoming requests. Essential for hosting web, mail, or application services internally.