PAT (Overloading) Configuration
As you’ll see in Table 8.5, the commands used for PAT are similar to what we used for
dynamic NAT:
This example shows how to configure inside global address overloading. This is the typical
NAT you would use today. It is rare you would use static or dynamic NAT unless you were
statically mapping an internal server, for example.
Here is a sample output of a PAT configuration:
ip nat pool globalnet 170.168.2.1 170.168.2.1
netmask 255.255.255.0
TABLE 8 . 5
PAT Commands
Command Meaning
ip nat pool
pool_name starting_ address
ending_address
mask
Creates a pool of inside global addresses for
the inside local hosts to use
ip nat inside source list
list_number
pool
pool_name
overload
Sets the inside local hosts that match the
access-list number to use the pool of
addresses configured by the
ip nat pool
command. The Overload command configures
PAT.
ip nat inside
Sets the inside local interface
ip nat ouside
Sets the inside global interface
access-list
list_number
permit network
inverse_mask
Creates an access list that permits the inside
local hosts to use the global pool of
addresses
ip nat inside source list 1 pool globalnet overload
!
interface Ethernet0/0
ip address 10.1.1.10 255.255.255.0
ip nat inside
!
interface Serial0/0
ip address 170.168.2.1 255.255.255.0
ip nat outside
!
access-list 1 permit 10.1.1.0 0.0.0.255
The nice feature of PAT is that the only differences between this configuration and the
previous dynamic NAT configuration is that the pool of addresses has shrunk to only one
IP address and at the end of the
ip nat inside source
command I included the
overload
command.
Notice in the example that the one IP address that is in the pool for you to use is the IP
address of the outside interface. This is perfect if you are configuring NAT Overload for yourself
at home or for a small office that has only one IP from your ISP. You could, however, use
an additional address such as 170.168.2.2 if you had the address available to you. This could
be helpful in a large implementation where you may have so many internal users that you need
more than one overloaded IP address on the outside.