PAT

1. Port Address Translation (PAT)

Overview of PAT

Port Address Translation (PAT), also known as NAT Overload, enables multiple devices within a private network to share a single public IP address when accessing the internet. PAT assigns a unique port number to each connection initiated by an internal device, making simultaneous communication possible through the same public IP.

Differences Between PAT and NAT

| NAT | PAT |
|---|---|
| One-to-one mapping of private to public IPs. | Many-to-one mapping (multiple private IPs to a single public IP using ports). |
| Only the IPv4 address is modified. | Both the IPv4 address and port numbers are modified. |
| Each private device requires a unique public IP. | Multiple devices can share a single public IP. |

Example

PAT Example

In this example, PC1 (192.168.1.10) and PC2 (192.168.1.11) within a private network communicate with an external server. PAT assigns unique source ports (4545 for PC1 and 5656 for PC2) to differentiate their sessions.

2. Configuring PAT

PAT with Single Public IP

In this scenario, devices on the internal network (192.168.1.0/24) share a single public IP (203.20.10.103) for internet access. PAT distinguishes each session with unique port numbers.

PAT Example 1

Configuration Steps:

1. Create an Access List for Internal Traffic:

Router(config)# access-list 1 permit 192.168.1.0 0.0.0.255

2. Enable PAT (Overload) on the Outside Interface:

Router(config)# ip nat inside source list 1 interface GigabitEthernet0/1 overload

3. Identify Inside and Outside Interfaces:

Router(config)# interface GigabitEthernet0/0
Router(config-if)# ip nat inside
Router(config-if)# exit
Router(config)# interface GigabitEthernet0/1
Router(config-if)# ip nat outside

Verifying the Configuration:

Router# show ip nat translations
Pro Inside global        Inside local         Outside local       Outside global
--- 203.20.10.103        192.168.1.10:1025    201.20.10.1:80      201.20.10.1:80
--- 203.20.10.103        192.168.1.11:1026    201.20.10.1:80      201.20.10.1:80

View NAT Statistics

Router# show ip nat statistics
Total active translations: 2 (0 static, 2 dynamic, 0 extended)
Outside interfaces: GigabitEthernet0/1
Inside interfaces:  GigabitEthernet0/0
Hits: 20  Misses: 1
Expired translations: 0
Dynamic mappings:
  Inside Source access-list 1 interface GigabitEthernet0/1 overload

PAT with Multiple Public IPs

While commonly used with a single public IP, PAT can be configured with a pool of public IP addresses. This setup provides scalability in networks with heavy outbound traffic.

PAT Multiple Public IPs

Configuration Steps:

1. Define Inside and Outside Interfaces:

Router(config)# interface GigabitEthernet0/1
Router(config-if)# ip nat inside
Router(config-if)# exit
Router(config)# interface GigabitEthernet0/0
Router(config-if)# ip nat outside

2. Create a Pool of Public IP Addresses:

Router(config)# ip nat pool PUBLIC_POOL 203.20.10.103 203.20.10.105 netmask 255.255.255.0

3. Define the Access List:

Router(config)# access-list 1 permit 192.168.1.0 0.0.0.255

4. Configure PAT Using the Public IP Pool:

Router(config)# ip nat inside source list 1 pool PUBLIC_POOL overload

Verifying PAT Configuration

After configuring PAT, it’s essential to verify its functionality and troubleshoot any issues.

View Active NAT Translations

Router# show ip nat translations
Pro  Inside global          Inside local          Outside local        Outside global
---  203.20.10.103:4545     192.168.1.10:4545     201.20.10.1:80       201.20.10.1:80
---  203.20.10.104:5656     192.168.1.11:5656     201.20.10.1:443      201.20.10.1:443
---  203.20.10.105:7692     192.168.1.12:7692     201.20.10.1:80       201.20.10.1:80
---  203.20.10.103:4803     192.168.1.13:4803     201.20.10.2:80       201.20.10.2:80
---  203.20.10.104:9873     192.168.1.14:9873     201.20.10.3:443      201.20.10.3:443

This displays the current NAT translations, showing which internal IPs are using which public IPs and ports.
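During incident response, this table is what ties a public IP and port seen in an external log back to an inside host. The following Python is an added example, not part of the original page or of any Cisco tooling; it parses the sample rows shown above, and the function names (parse_translations, attribute, pool_usage) are illustrative assumptions.

```python
# Added example (not from the page): trace a public IP:port to its inside host.
from collections import Counter
from typing import NamedTuple

# Sample rows copied from the output shown above (not a live capture).
SAMPLE = """\
Pro  Inside global          Inside local          Outside local        Outside global
---  203.20.10.103:4545     192.168.1.10:4545     201.20.10.1:80       201.20.10.1:80
---  203.20.10.104:5656     192.168.1.11:5656     201.20.10.1:443      201.20.10.1:443
---  203.20.10.105:7692     192.168.1.12:7692     201.20.10.1:80       201.20.10.1:80
---  203.20.10.103:4803     192.168.1.13:4803     201.20.10.2:80       201.20.10.2:80
---  203.20.10.104:9873     192.168.1.14:9873     201.20.10.3:443      201.20.10.3:443
"""

class Entry(NamedTuple):
    proto: str
    inside_global: tuple   # (ip, port or None)
    inside_local: tuple
    outside_global: tuple

def split_endpoint(text):
    """'203.20.10.103:4545' -> ('203.20.10.103', 4545); no port -> (ip, None)."""
    ip, sep, port = text.partition(":")
    return (ip, int(port) if sep and port.isdigit() else None)

def parse_translations(output):
    """Parse the five-column table, skipping the header and malformed lines."""
    entries = []
    for line in output.splitlines():
        cols = line.split()
        if len(cols) != 5 or cols[0] == "Pro":
            continue
        entries.append(Entry(cols[0], split_endpoint(cols[1]),
                             split_endpoint(cols[2]), split_endpoint(cols[4])))
    return entries

def attribute(entries, public_ip, public_port):
    """Return the inside-local (ip, port) behind a public ip:port, or None."""
    key = (public_ip, public_port)
    return next((e.inside_local for e in entries if e.inside_global == key), None)

def pool_usage(entries):
    """Count active translations per public (inside global) address."""
    return Counter(e.inside_global[0] for e in entries)

if __name__ == "__main__":
    table = parse_translations(SAMPLE)
    print(attribute(table, "203.20.10.104", 9873), dict(pool_usage(table)))
```

Dynamic entries age out, so a lookup like this only attributes traffic while the translation is still in the table; later attribution needs NAT translation logging with timestamps.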

View NAT Statistics

Router# show ip nat statistics
Total active translations: 5 (0 static, 5 dynamic, 0 extended)
Outside interfaces: GigabitEthernet0/0
Inside interfaces:  GigabitEthernet0/1
Hits: 50  Misses: 3
Expired translations: 0
Dynamic mappings:
  Inside Source access-list 1 pool PUBLIC_POOL overload
    Pool PUBLIC_POOL: netmask 255.255.255.0
      Start: 203.20.10.103  End: 203.20.10.105
      Type: natpool, total addresses: 3, allocated: 2 (1% in use)

Explanation of Output:

  • Total active translations: Shows the current number of active NAT translations.
  • Outside interfaces / Inside interfaces: Specifies the interfaces configured for NAT.
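  • Hits: Number of translation-table lookups that matched an existing entry.
  • Misses: Number of lookups that found no existing entry, so the router had to try to create a new translation.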
  • Dynamic mappings: Details of the dynamic NAT pool, including the IP range and allocation usage.