PAT - NAT overload
November 10th, 2008 in
IP and IOS Features | tags:
NAT overload,
PAT In this post I will talk about NAT overload also known as PAT. In the previous post I talked about NAT. The difference between NAT and PAT is that for NAT you map 1 ip address to 1 single other address and when you use PAT you can translate a single or a group of ip-addresses to 1 single ip-address. This patting map TCP/UDP ports to other ports.
For this post I used the same diagram which I used my previous post also. On router R1 I configured two loopback ip-addresses which I will use in this NAT overloading example.
R1 :
|
|
|
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Loopback1
ip address 11.11.11.11 255.255.255.255
!
interface FastEthernet2/0
ip address 12.12.12.1 255.255.255.0
duplex auto
speed auto
!
router rip
version 2
network 12.0.0.0
no auto-summary
|
R2 :
|
|
|
interface FastEthernet2/0
ip address 12.12.12.2 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet3/0
ip address 23.23.23.2 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
router rip
version 2
network 12.0.0.0
network 23.0.0.0
no auto-summary
!
ip route 1.1.1.1 255.255.255.255 12.12.12.1
ip route 11.11.11.11 255.255.255.255 12.12.12.1
!
!
ip nat inside source list 100 interface FastEthernet3/0 overload
!
access-list 100 permit ip host 1.1.1.1 any
access-list 100 permit ip host 11.11.11.11 any
|
R3 :
|
|
|
interface FastEthernet3/0
ip address 23.23.23.3 255.255.255.0
duplex auto
speed auto
!
router rip
version 2
network 23.0.0.0
no auto-summary
|
Let’s ping router R3 from router’s R1 loopback 1 address and see what happens :
R1 :
|
|
|
R1#ping 23.23.23.3 source loopback 1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 23.23.23.3, timeout is 2 seconds:
Packet sent with a source address of 11.11.11.11
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/71/120 ms
|
Let’s have a look at router R2’s NAT table :
R2 :
|
|
|
R2#sh ip nat trans
Pro Inside global Inside local Outside local Outside global
icmp 23.23.23.2:11 11.11.11.11:11 23.23.23.3:11 23.23.23.3:11
|