With Port Address Translation (PAT), one public IP address is used for all internal devices, but a different port is assigned to each private IP address. This type of NAT is also known as NAT Overload. This is the typical form of NAT used in today’s networks and is supported by most consumer-grade routers.
PAT allows you to support many hosts with only a few public IP addresses. It works by creating the dynamic NAT mapping, in which an global (public) IP address and a unique port number are selected. The router keeps a NAT table entry for every unique combination of private IP address and port, with translation to the global address and a unique port number.
The following example will help you understand the concept behind PAT:
As you can see in the picture above, PAT used unique source port numbers on the inside global IP address to distinguish between translations. For example, if the host with the IP address of 10.0.0.101 wants to access S1 on the Internet, the host’s private IP address will be translated by R1 as 18.104.22.168:1056 and the request will be sent to S1. S1 will respond to 22.214.171.124:1056. R1 will receive that response, look up in its NAT translation table, and forward the request to the host.
To configure PAT, the following commands are required:
1. configure the router’s inside interface using the ip nat inside command.
2. configure the router’s outside interface using the ip nat outside command.
3. configure an access list that has a list of the inside source addresses that should be translated.
4. enable PAT with the ip nat inside source list ACL_NUMBER interface TYPE overload global configuration command.
Here is how we would configure PAT for the network picture above.
First, we will define the outside and inside interfaces:
Next, we will define an access list that will include all private IP addresses we would like to translate:
Note that the access list defined above includes all IP addresses from the 10.0.0.0 – 10.0.0.255 range.
Now we need to enable NAT and refer to the ACL created in the previous step and to the interface whose IP address will be used for translations:
To verify the NAT translations, we can use the show ip nat translations command:
Notice how the same IP address (126.96.36.199) has been used to translate two private IP addresses (10.0.0.100 and 10.0.0.101).