PAT Configuration 1​

Topology

Tasks:

A small company has a private network using IP addresses from the 192.168.1.0/24 range. The network is connected to the internet through a single public IP address provided by the ISP. To allow multiple internal devices to access the internet simultaneously, the company wants to implement Port Address Translation (PAT) on their router (R1).

Configure the R1's interfaces for NAT.
Configure a standard named access list named PAT_ACL to identify traffic from internal network.
Configure R1 so that traffic from multiple private IPs is translated to the public IP address of the G0/1 interface.
Verify by pinging the ISP from PC1.

Solution:

Task 1: Configure the R1's interfaces for NAT.

The internal and external interfaces must be marked for the NAT to function. The internal interface is the private network interface and external interface is the public network interface.

R1# configure terminal
R1(config)# interface g0/0
R1(config-if)# ip nat inside
R1(config-if)# interface g0/1
R1(config-if)# ip nat outside
R1(config-if)# exit

ip nat inside marks the internal LAN interface for NAT. ip nat outside  marks the external interface for NAT.

 

Task 2: Configure a standard named access list named PAT_ACL to identify traffic from internal network.

In NAT, an access list is used to match traffic from the private network. This access-list needs to permit the internal private network.

Router(config)# ip access-list standard PAT_ACL
Router(config-std-nacl)# permit 192.168.1.0 0.0.0.255
Router(config-std-nacl)# exit

This access list matches traffic originating from the internal private network 192.168.1.0/24. Access-lists use wildcard mask. The 255.255.255.0(/24) subnet mask is equal to 0.0.0.255 wildcard mask.

 

Task 3: Configure R1 so that traffic from multiple private IPs is translated to the public IP address of the G0/1 interface.

We need to configure PAT to dynamically translate internal private IPs to the public IP of the G0/1 interface. In PAT (Port Address Translation) multiple internal private IPs share a single public IP address and the router distinguishes between connections using port numbers.
 

R1(config)# ip nat inside source list PAT_ACL interface g0/1 overload

ip nat inside source list NAT_ACL: Uses the NAT_ACL to identify the traffic for translation.

interface g0/1: Specifies the public IP address (interface G0/1) for NAT.

overload: Enables PAT, allowing multiple internal IPs to share a single public IP address.

 

Task 4: Verify by pinging the ISP from PC1.

From PC1, ping the ISP (203.0.113.2) to verify connectivity.

PC1:\> ping 203.0.113.2

Pinging 203.0.113.2 with 32 bytes of data:

Request times out.
Reply from 203.0.113.2: bytes=32 time<1ms TTL=127
Reply from 203.0.113.2: bytes=32 time<1ms TTL=127
Reply from 203.0.113.2: bytes=32 time<1ms TTL=127

Now exit configuration mode and save the configuration.

R1(config)# end
R1# write memory

 

Packet Tracer File

Clicking this button will begin the download of a ZIP file. Inside the ZIP file, you'll find a Packet Tracer Activity (.pka) file, which will automatically track your progress as you configure the network.

Download