PAT (Port Address Translation)

You’ll often hear port address translation referred to as ‘overloading’, because we are overloading a single routable address. PAT allows the private IP addresses of inside hosts (note that we are talking about multiple hosts) to be translated to a single routable address.

So we only need one address instead of several, and even better, we can use the address that’s already in use on the outside interface, which in this case is going to be 172.12.123.1.

Now how do we perform this magic?

The private address is translated to a combination of that single IP address and a port number, allowing the same routable IP address to be used by multiple inside hosts for NAT. PAT’s easy to configure too!

We’re going to do it from the beginning. I removed the commands from the previous lab because I want you to see them all over again, including the ACL, and of course we need our inside and outside commands.

Instead of referring to a NAT pool with the ip nat inside source command, just identify the outside interface and the word overload. You’ll still need ip nat inside and ip nat outside on the appropriate interfaces. Let’s start…

So far so good. We’ve got our inside and outside interfaces identified, we have our ACL, and we don’t need to create a pool because we’re not using one. So now we just need the ip nat inside source command.

Let’s look at our options.

There again we’re translating the source address, we are going to name an access list, and we are going to identify ACL 2.

And I told you we might see that ‘specify interface for global addresses’ choice in action.

That’s what we’re going to use here because this identifies the outside address. Now the term makes sense.

So we’ve got interface there, and then the expected list of interfaces.

Overload is the one we should choose (overload and address translation) and this is also why we call it overloading.

And we have some options after that. Those are definitely for future studies; you may never bump into them.

And I think we’re done …

It’s ‘ip nat inside source list 2’ as before, but now we’re calling out interface serial 0/1/0 (that’s the interface whose address we’re going to use) and we are overloading: ‘ip nat inside source list 2 interface serial 0/1/0 overload’.

So let’s try some of that overloading … I’ll send a ping to 172.12.123.2 with a source of 10.1.1.2.

Looks good, and check this out.

So our inside global address is 172.12.123.1, port number 8, and that’s mapped to inside local 10.1.1.2, and you see again that the outside local and outside global are the same because we’re not using NAT on that.

And you also see ICMP mentioned under ‘protocol’… (It’s really easy to miss that because it looks like it’s pro-inside global! but pro means protocol.)

And that looks good. So let’s go ahead and send one from 22

There we go. Goes right through.

So now we’re using the same inside global address. And we’re already using it on the serial interface. Really can’t beat that. It’s the port numbers that differentiate the combinations.

So that’s really port address translation. You can put a lot of ports on there.

I want to show you one more command about NAT, and it’s ‘show ip nat statistics’ or just ‘show ip nat stat’.

And this is going to show you how many active translations you have, the peak number of translations you’ve had, and some other helpful information… and note here, when it says ‘peak translations 4 occurred 26 minutes ago’, that’s when I was working with SNAT and dynamic NAT.

So it kept up with all of that information. Right now it’s telling you we’ve got one dynamic translation, one extended, peak translations of 4, and it shows your outside interfaces.

And now if I run ‘show ip nat trans’, they are all gone! And then if again I run ‘show ip nat stat’ …

While I was talking they all died out, so to speak.

So right now ‘show ip nat stat’ shows that we don’t have any active translations. It shows your peak number of translations and your outside interface if you’re using PAT. It’s also going to show you your inside interfaces. There’s more information about some dynamic mappings here, also the number of expired translations (we’ve had eight expire on us now), dynamic mappings: inside source, and here’s even the line with access list 2 and then the interface.

So let’s go ahead and send another ping there

and then ‘show ip nat stat’

and you’ll notice that same ‘1 dynamic 1 extended’. It’s still technically dynamic: it’s not what we refer to as dynamic NAT, but it’s a dynamic entry, and it is an extended entry because we are using port address translation.

So again, it gives you the number of peak translations and how long ago that peak was, your outside interfaces, your inside interfaces, and then some information on expired translations and what your dynamic mappings are.
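
The port-based bookkeeping and the active/peak/expired counters described above, modelled as an added Python example (not from the original lesson and not Cisco’s implementation). The second inside host 10.1.1.3, the 60-second idle timeout and the keep-the-port-if-free allocation policy are assumptions made for illustration.

```python
class PatTable:
    """Toy model of a PAT (overload) translation table; illustrative only."""

    def __init__(self, global_ip, timeout=60):
        self.global_ip = global_ip   # the single inside global address
        self.timeout = timeout       # assumed idle timeout, in seconds
        self.out = {}                # (proto, local_ip, local_port) -> global_port
        self.back = {}               # (proto, global_port) -> (local_ip, local_port)
        self.last_seen = {}          # flow key -> time of last outbound packet
        self.peak = self.expired = 0

    def translate(self, proto, local_ip, local_port, now):
        """Outbound packet: return the (inside global ip, port) pair to use."""
        self.expire(now)
        key = (proto, local_ip, local_port)
        if key not in self.out:
            # Assumed policy: keep the original port if free, else next free one.
            port = local_port
            for _ in range(65535):
                if (proto, port) not in self.back:
                    break
                port = port % 65535 + 1
            else:
                raise RuntimeError("no free ports left on " + self.global_ip)
            self.out[key] = port
            self.back[(proto, port)] = (local_ip, local_port)
            self.peak = max(self.peak, len(self.out))
        self.last_seen[key] = now
        return self.global_ip, self.out[key]

    def untranslate(self, proto, global_port, now):
        """Return traffic: the inside local (ip, port), or None if no entry."""
        self.expire(now)
        return self.back.get((proto, global_port))

    def expire(self, now):
        # Remove entries idle for at least `timeout` seconds and count them.
        for key in [k for k, t in self.last_seen.items() if now - t >= self.timeout]:
            del self.back[(key[0], self.out.pop(key))]
            del self.last_seen[key]
            self.expired += 1

    def stats(self, now):
        self.expire(now)
        return {"active": len(self.out), "peak": self.peak, "expired": self.expired}

if __name__ == "__main__":
    pat = PatTable("172.12.123.1")                 # address from the lesson
    print(pat.translate("icmp", "10.1.1.2", 8, now=0))
    print(pat.translate("icmp", "10.1.1.3", 8, now=1))   # constructed second host
    print(pat.stats(now=30), pat.stats(now=61))
```

Two inside hosts that pick the same source port still get distinct entries because the second one is moved to another port on the shared address, and return traffic to a port with no entry has nowhere to go.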
