Setting up Network Address Translation (NAT) on a router allows devices within a private network to access external networks like the internet. This guide will walk you through configuring **Static NAT** and **Dynamic NAT** using a NAT pool, helping you manage how internal IP addresses are translated to public IP addresses. ## Static NAT Configuration **Static NAT** creates a one-to-one mapping between a private IP address and a public IP address. This is useful when an internal device, such as a web server, needs to be consistently accessible from the outside world using the same public IP address. ### Steps to Configure Static NAT **1. Define the Inside and Outside Interfaces** First, specify which interfaces on the router are connected to the internal (inside) network and the external (outside) network. - **Inside Interface**: Connected to your local network with private IP addresses. - **Outside Interface**: Connected to the external network with public IP addresses. ```shell Router(config)# interface GigabitEthernet0/0 Router(config-if)# ip address 192.168.1.1 255.255.255.0 Router(config-if)# ip nat inside Router(config-if)# exit Router(config)# interface GigabitEthernet0/1 Router(config-if)# ip address 203.0.113.1 255.255.255.0 Router(config-if)# ip nat outside Router(config-if)# exit ``` **2. Configure the Static NAT Mapping** Map the internal private IP address to the external public IP address. ```shell Router(config)# ip nat inside source static 192.168.1.10 203.0.113.10 ``` In this example, any traffic from the internal host with IP address **192.168.1.10** will be translated to the public IP address **203.0.113.10** when communicating with external networks. ## Dynamic NAT Configuration with a NAT Pool **Dynamic NAT** uses a pool of public IP addresses to translate private IP addresses dynamically as devices initiate traffic to external networks. The translation is temporary and is released when the session ends. ### Steps to Configure Dynamic NAT **1. Define the Inside and Outside Interfaces** This step is similar to the static NAT configuration. ```shell Router(config)# interface GigabitEthernet0/0 Router(config-if)# ip address 192.168.1.1 255.255.255.0 Router(config-if)# ip nat inside Router(config-if)# exit Router(config)# interface GigabitEthernet0/1 Router(config-if)# ip address 203.0.113.1 255.255.255.0 Router(config-if)# ip nat outside Router(config-if)# exit ``` **2. Define a Pool of Public IP Addresses** Specify the range of public IP addresses that will be used for NAT translations. ```shell Router(config)# ip nat pool NAT_POOL 203.0.113.10 203.0.113.20 netmask 255.255.255.0 ``` In this example, **NAT_POOL** includes public IP addresses from **203.0.113.10** to **203.0.113.20**. **3. Create an Access Control List (ACL) to Identify Inside Traffic** Define which internal IP addresses are allowed to be translated using NAT. ```shell Router(config)# access-list 1 permit 192.168.1.0 0.0.0.255 ``` This ACL permits all devices within the **192.168.1.0/24** subnet to use NAT. **4. Link the ACL to the NAT Pool** Associate the ACL with the NAT pool so that matching traffic gets translated using the specified pool of public IP addresses. ```shell Router(config)# ip nat inside source list 1 pool NAT_POOL ``` This command tells the router to use **NAT_POOL** for translating traffic that matches **ACL 1**. ## Verifying NAT Configuration After setting up NAT, it's important to verify that it's working correctly. **1. View Active NAT Translations** Use the following command to display the current NAT translations: ```shell Router# show ip nat translations ``` This will show a table of active NAT translations, including the inside local (private) and inside global (public) IP addresses. **2. View NAT Statistics** To see statistics about NAT operations: ```shell Router# show ip nat statistics ``` This command provides information on the number of active translations, hits, misses, and expired translations. ## Conclusion Configuring NAT on your router allows multiple devices on a private network to access external networks using public IP addresses. Whether using **Static NAT** for consistent one-to-one mappings or **Dynamic NAT** with a pool of addresses, these configurations help manage IP address usage and enable secure communication between internal and external networks. Remember to always verify your configurations to ensure that NAT is functioning as expected, and make adjustments as necessary to maintain efficient and secure network operations.