Introduction to NAT and PAT

This topic is to discuss the following lesson:

Hello Rene,
Great video. I have a suggestion, please. Can you start doing something like a CCIE video series? Many people understand better with videos, and the way you explain topics is very great and straightforward. I hope you can implement this idea, which will be so great. Thanks

Ammar,

Hi Ammar,

Glad to hear you like it. About the videos, I will. My goal is to have a video for each of the tutorials I have.

Rene

Hello Rene,
That would be perfect. People like videos and prefer them more than going through books haha, I am looking forward to the videos. Thanks

If we already have dynamic NAT then why there is a need for PAT?

When you use dynamic NAT, you require a pool with public IP addresses. Each host that gets translated requires a public IP address from the pool.

PAT allows us to translate multiple private IP addresses to a single public IP address.

Rene, is it possible, when configuring NAT on a router in GNS3, to provide a simulation that will enable or facilitate actual translations in the NAT table without generating actual live production network traffic from a host(s)… on your lab GNS3 router… Hope this makes sense.

Hi William,

You can’t simulate NAT traffic on the local router. If you want to see some NAT translations, you’ll have to send some traffic through your router. When I have to test something like this I like to use another router or switch as the “host” device. Some quick pings are enough to test NAT.

Rene

Hi Rene,
I have two questions.

  1. What is the difference between PAT and CGNAT?

  2. When using PAT, will the NAT router change the source port, no matter what source port is used by the LAN device? If yes, it should have a mapping table between the host’s source port and the new source port assigned by the NAT router. Isn’t it?

Hi Rakesh,

PAT means port address translation, but this doesn’t mean that the source port is always changed. Take a look at this example:

How to configure PAT on Cisco IOS Router

Look for the show ip nat translations command in that lesson. You can see that the source ports remain the same; the router will only change these if two hosts happen to pick the same source port number.

CGNAT stands for Carrier Grade NAT. Some ISPs don’t give their customers public IP addresses anymore but private IP addresses. The ISP will use NAT/PAT to put many customers behind a single public IP address.

Rene

Hi Rene,

  1. If we have multiple hosts in a LAN behind a router and want to connect to a server on the Internet, NAT alone doesn’t work here. Both NAT and PAT should be used together. Please confirm. (Assume we have only one public IP.)

  2. How to find the PAT mapping? Any command?

Thanks

Hi Ashok,

If you have multiple hosts behind a single public IP address then you will need PAT yes. Right above your reply is the link to my PAT tutorial, which explains everything.

Rene

Hi Rene,

I have a question that’s been bothering me for a while. If your ISP routes you a public /24, how do you put all those 255 addresses on a single router? The router would need to have these configured to be able to use them as source addresses, right?

Thanks in advance,
Shawn

Hi Shawn,

If you are using PAT, you don’t need to assign all those public IPs that you are getting from your ISP to your router. As explained by Rene in the lesson, the one public IP that is assigned to the outside interface can be used to PAT your source addresses to the internet. Even so, you can add more than one public IP to the interface as a secondary IP.

I recommend that you check this lab:

How to configure PAT on Cisco IOS Router

Hi, and thank you for the reply. I was talking about dynamic NAT, or static NAT, where you would have a pool of public IP addresses and a pool of private addresses. In order to use one of the public IP addresses as your new source address, it has to be configured on the router, right? Or can you just have your ISP route you the subnet, and they will see the source IP as it gets NAT’d and know what to do with it?

I hope this makes more sense, I am not talking about PAT (layer 4) at all.

Thanks

Hi Shawn,

If I understand your question correctly, you have a /24 subnet of public IPs from your ISP and you want to use it in dynamic NAT, by which your private internal IPs can go to the internet. If this is the case, you don’t need to have a pool of private IPs as you mentioned. What you need is to configure a pool of your public IPs in the dynamic NAT, by which each internal host will reserve one public IP to go to the internet.

For example: if you have configured in your router a pool of 5 public IPs, then only 5 internal private IPs at a time can go to the internet. In other words, every private IP will reserve an available public IP from the pool.

I can refer you to this lesson for more information:
Configure Dynamic NAT
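As an added example (not code from the lesson, and not Cisco IOS code), this Python model illustrates two points made in this thread: the dynamic NAT pool reservation described in the reply above (5 public IPs, so only 5 hosts get out) and Rene's earlier point that PAT keeps a host's source port unless another host already holds it, with the table also needed to map return traffic back inside. The IP addresses and port 50000 are constructed sample values.

```python
from typing import Dict, List, Optional, Tuple

# Constructed models of the two NAT modes discussed in this thread (not Cisco IOS code).

class DynamicNat:
    """Dynamic NAT: each inside host reserves one public IP from the pool."""

    def __init__(self, pool: List[str]) -> None:
        self.free = list(pool)
        self.table: Dict[str, str] = {}  # inside IP -> public IP

    def translate(self, inside_ip: str) -> Optional[str]:
        if inside_ip in self.table:
            return self.table[inside_ip]
        if not self.free:
            return None  # pool exhausted: this host cannot reach the internet
        self.table[inside_ip] = self.free.pop(0)
        return self.table[inside_ip]

class Pat:
    """PAT (NAT overload): many inside hosts share one public IP, keyed by port."""

    def __init__(self, public_ip: str) -> None:
        self.public_ip = public_ip
        self.table: Dict[Tuple[str, int], int] = {}  # (inside IP, port) -> outside port

    def translate(self, inside_ip: str, inside_port: int) -> Tuple[str, int]:
        key = (inside_ip, inside_port)
        if key not in self.table:
            used = set(self.table.values())
            port = inside_port
            # Keep the host's own source port unless another host already holds it.
            while port in used:
                port = port + 1 if port < 65535 else 1024
            self.table[key] = port
        return self.public_ip, self.table[key]

    def inbound(self, outside_port: int) -> Optional[Tuple[str, int]]:
        """Return traffic: the table maps the public port back to the inside host."""
        for (ip, port), out_port in self.table.items():
            if out_port == outside_port:
                return ip, port
        return None

def compare(hosts: List[str], pool: List[str], public_ip: str) -> Tuple[int, int]:
    """How many hosts get out through a dynamic pool vs. one PAT address."""
    dyn, pat = DynamicNat(pool), Pat(public_ip)
    dyn_ok = sum(dyn.translate(h) is not None for h in hosts)
    pat_ok = sum(pat.translate(h, 50000) is not None for h in hosts)
    return dyn_ok, pat_ok
```

Running `compare` with six inside hosts, a five-address pool and one PAT address shows the sixth host failing under dynamic NAT but succeeding under PAT.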

Please explain what is a bidirectional NAT

Hi Pavan,

In most NAT/PAT examples, we only translate the source IP address.

With bi-directional NAT, you can translate both the source and destination IP address at the same time.

Rene

I have a doubt about private address and public address

I perfectly understand which IP addresses are public and private. But in the real world I’ve seen an ISP accepting RFC 1918 IP addresses in its inbound BGP filter (yes, it’s so unprofessional).

So, in the real world, we can announce any subnet, whether it’s public or private, despite all the Cisco OCGs mentioning that “RFC 1918 IP addresses are not reachable or routable on the internet.”

I’d like to read your thoughts about it.

Hello Juan

The rule is that RFC1918 IP addresses are not reachable or routable on the internet. That is a rule that ISPs are responsible for adhering to and implementing. There is no technological inability to route these addresses, but by definition, everyone is required to adhere to it, and that is why you cannot do it. But even if an ISP does accept them, when they try to hand them off to other networks, the routers on the Internet at large are configured to drop any such traffic.

Cisco’s OCGs mention this because it is expected that all Internet networks are configured to adhere to this rule.

I hope this has been helpful!

Laz
